How automation is evolving SecOps—and the real cost of cybercrime

Microsoft Security Blog, June 28, 2023
https://www.microsoft.com/en-us/security/blog/2023/06/28/how-automation-is-evolving-secops-and-the-real-cost-of-cybercrime/

This post is coauthored by Rob May, Founder and Managing Director, ramsac

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with ramsac Founder and Managing Director Rob May, who gave a TED Talk called "Your Human Firewall: The Answer to the Cyber Security Problem." The thoughts below reflect Rob's views, not the views of Rob's company or Microsoft, and are not legal advice. In this blog post, Rob talks about security operations (SecOps) challenges and how automation can address them, and shares phishing attack protection strategies.

Brooke: What are the biggest challenges in SecOps?

Rob: SecOps is the team responsible for the security of an organization's IT infrastructure, and for monitoring and responding to security threats and implementing security controls. One challenge for SecOps professionals is keeping up to date on the latest trends and tactics used by cyberattackers because threats to security are constantly evolving.

Another challenge is alert fatigue. Security teams are bombarded with alerts from their monitoring tools, and this can make it difficult to identify and respond to real threats. Many of the alerts that security teams receive are false positives that waste time and resources that could be better spent responding to real threats. In the industry, we talk about the utopia of having a single pane of glass that we can look through and get a view of everything. The reality is, in lots of organizations, they are not achieving that.

Balancing security with business needs is always a challenge. Security measures can sometimes conflict with the needs of users in the business, such as usability and accessibility. Professionals have to balance security needs with business needs so that security measures do not get in the way of productivity. Security teams often lack the resources to do their jobs effectively, and that might be budget, staffing, tools, or incident response training.

When a security incident occurs, SecOps professionals have to act quickly to investigate and contain the threat. Organizations are subject to a whole range of regulatory requirements depending on their geography and industry, and that can be complex and time-consuming to maintain. A SecOps professional has to think critically, work under pressure, and stay up to date with the latest trends and technologies in order to be successful in their role.

Brooke: Can automation help address any of these challenges?

Rob: Definitely. Automation is a powerful tool in SecOps that helps reduce the workload on the team and improve the efficiency and effectiveness of SecOps generally. An automated incident response system can detect unusual activity on the network and take action to contain and remediate that threat. Or it might detect an impossible activity, such as if you spent the day in the office in London and half an hour later, it appears that you are trying to log in in Russia.

Vulnerability management automation can be used to identify vulnerabilities, systems, and applications, prioritize them based on risk, and recommend remediation actions. Threat intelligence can help gather, analyze, and act on threat intelligence data from various sources, including open-source feeds, dark web forums, internal security logs, and compliance monitoring.

We can help ensure compliance with regulatory requirements and internal security policies by continuously monitoring systems and applications for compliance violations and security testing. We can use automation to conduct regular security tests such as penetration testing and vulnerability scanning to identify potential vulnerabilities and weaknesses.

Automation is not a replacement for human expertise and judgment. They go hand in hand. Automation helps improve the efficiency and effectiveness of security operations, and experienced SecOps professionals interpret what it is saying and act on the data provided by the tools.

Brooke: Have you seen a change in sentiment towards automation in the industry?

Rob: If you leave everything to automation, it has more potential to go wrong. For instance, if it detects something and blocks someone out of their account, and there is no human getting involved for a sanity check, all it is going to take is somebody in the C-suite not being able to do their job when they need to for them to think, "Oh, this is rubbish."

Of course, it is not rubbish. It is an incredibly powerful tool. We just need to be able to interpret that as well. If I look at my own business and how we use something like Microsoft Sentinel, it is a positive thing, but we have used automation to take all the legwork out of it. A very large number of data incidents can be looked at to flush out a much smaller number that is then investigated. There is no way you could do that without automation. Without a doubt, it is a game-changer.

Brooke: What does it mean to be a "human firewall?"

Rob: The human firewall is the collective efforts, behaviors, and habits of the people within an organization. Many commentators say that when it comes to cybersecurity, people are our weakest link. My view is that it is essential that we also consider the flip side of that coin, which is that people are also our greatest strength. We need to ensure that we give everyone the right training, awareness, tools, and policies to stay as safe as possible. If your people are not cyber-resilient, neither is your business.

Brooke: What is the real cost of cybercrime?

Rob: This question can be answered in a number of different ways. In terms of monetary value, the numbers are huge. I read one report recently that suggested that if the worldwide cost of damages caused by cybercrime was a country (measured in gross domestic product), it would be the third largest economy in the world after the United States and China.

The other way of answering the question is to look at all the associated impacts of cybercrime. This includes the direct costs of responding to an attack, including the investigation, remediation, and repair. Then, there are indirect costs, such as lost business, loss of productivity, reputational damage, emotional harm experienced by the Chief Information Security Officer and company officers, and other things like the resultant increase in insurance premiums (which can be significant).

Brooke: What variants are you seeing with phishing attacks today? How are they getting smarter and how can people and organizations protect themselves from these attacks?

Rob: Phishing attacks come in many different forms, but common variants include:

Cybercriminals are using more sophisticated tactics for their phishing attacks to make their messages seem more legitimate. For example, attackers may use social engineering techniques to create a sense of urgency or to create a false sense of trust. They may also use advanced malware and other tools to bypass security measures and gain access to sensitive information.

To protect against phishing attacks, individuals and organizations should take a number of steps:

By taking these steps, people and organizations can protect themselves against the growing threat of phishing attacks.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.