Headcount alone isn’t enough for your headache


By Dave Lewis, Advisory CISO, Cisco Security

We’ve all heard the phrases: An ounce of prevention is worth a pound of cure; failing to plan is planning to fail. But sometimes even the best plans fall short when attackers come calling on your enterprise.

This is sage advice. There is an overwhelming need to ensure enterprises can respond to threats in a timely manner. To support the enterprise’s ability to react to incidents, you need three key elements:

  • Strong security staffing
  • Defined repeatable processes
  • A better hammer

Everything starts with a strong security staff
If you build a house, it must have a solid foundation. When you are building your security practice, that same logic holds true. However, with a security practice, your foundation is your staff. When you have a good staff that you can depend on, you can respond to security incidents in a timely manner.

So, what kind of team makes us less likely to cede the high ground? Internal or outsourced?

The Security Outcomes Study, Vol. 2, found that outsourced detection and response teams were seen as being superior, while the actual numbers told a different story. Internal teams demonstrated a faster mean-time-to-respond of 6 days versus the 13 days of an outsourced approach.

Above all else, one statement can be made with full confidence: having a strong, skilled cybersecurity team is of utmost importance.

Focus on developing solid repeatable processes
Defined repeatable processes are key tools for teams to reduce risk in their enterprises. We’ve all experienced the “joy” of running around with our hair on fire at a previous employer (or current one if you’re unlucky) when something goes horribly awry.

To improve security, one must have a solid strategy in place, such as a Zero Trust strategy. This can reduce overall risk by mitigating the dreaded “whoops factor” as much as possible. Our report also noted that organizations claiming to have mature implementations of Zero Trust or Secure Access Service Edge (SASE) are about 35% more likely to report having a strong SecOps than those with developing programs. These results illustrate the many benefits modern architectures can bring to cybersecurity programs.

Get a bigger hammer to smash those threats
To protect the enterprise from potential malfeasance on the part of criminals, organizations must rely on the right tools to get the job done.

Ultimately, having a security team onsite will cut response times in half, as mentioned above. Meanwhile, processes will help reduce the “whoops factor” and deliver the right tools to build out the Zero Trust and SASE architecture, further reducing the chances of something going wrong.

So, build it once…and build it right!

Just one piece of the puzzle
While timely incident response is important, it’s just one piece of building a world-class security practice. Our research suggests that there are five critical pieces to any successful security organization: a proactive tech refresh strategy, well-integrated technology, accurate threat detection, prompt disaster recovery, and timely incident response.

While timely incident response is critical, a strong, confident team – even a small one – can deliver the same effective results as a larger one with more abundant resources. And once you’ve developed that library of repeatable processes, you’ll enjoy less overall risk, much better results, and world-class cybersecurity.
