Whether it’s a hospital saving lives, an energy plant generating electricity to provide air conditioning during scorching summers, or a bank protecting the life savings of families, every organization has a core mission to perform.
Cybercriminals, unfortunately, know exactly how to bring any organization’s mission to a screeching halt and cause major devastation.
While the proliferation of ransomware and malware attacks has been a hot-button issue for quite some time, recently the ease of monetizing these attacks has raised the stakes. Thanks to a landscape designed for cryptocurrencies to thrive, combined with novel attack vectors via remote workers and trusted third parties, the life of cyberdefenders has become very difficult. Deploying a managed detection and response (MDR) solution may reduce the burden for security teams and ease the worries of C-suite executives.
A survey conducted by Critical Start and IDC, in fact, found just how impactful an MDR service can be. One major discrepancy revealed by the survey is a broad misunderstanding of a core issue—we’re not struggling with a detection problem; we’re instead dealing with an alert fatigue problem. Any security team will tell you there’s no shortage of alerts detected; the real challenge is the inability to investigate them. Indeed, the survey found that nearly 30% of critical alerts from companies are either ignored or otherwise unable to be investigated, and this number doesn’t even take into account that most organizations are already ignoring the noncritical alerts. In a world where the cyberattack news cycle dominates headlines almost every day, this is a disturbing statistic.
Heading into the new year, the costs of cybersecurity are a major concern in the boardroom, according to the survey. Conversations at this level center around metrics like MTTD and MTTR, which demonstrate the effect of alert fatigue on an organization’s ability to detect and respond to attacks. To the board, the time spent hunting down false positives represents a negative return on investment in security tools. In fact, the survey found that 58% of boardroom discussions are dominated by productivity loss from security events.
On top of that, there’s an overwhelming amount of noise in the security product and platform market right now. Buzzwords and trending terminology generate a lot of clamor, and a catch-all solution sounds tempting to executive decision makers when attacks are rampant. Buying into it all isn’t an effective strategy for real threat protection and mitigation, however.
This is where an MDR service can alleviate some of the disconnect between the help security personnel need and the budgets boards are willing to designate for security. MDR appeals to the CISO and the rest of the C-suite because it frees them to focus on the key business functions rather than how the organization is chasing down alerts, as all the “blocking and tackling” is performed by a dedicated team whose core purpose is to shut down cybercriminals.
This isn’t just all talk. The survey also found that organizations whose security teams deploy an MDR service investigate significantly more alerts than those that don’t. MDR providers are 42% more likely to take the entire detection, containment, and response function all the way through to completion than their counterparts that utilize just managed security services, thanks to round-the-clock monitoring and mitigation capabilities.
Implementing an MDR solution can also lead to better cost-efficiency, which would further ease boardroom worries, as companies have access to more streamlined utilization of security resources while taking much of the burden off employees. As we begin 2022, it’s inevitable that smaller companies with fewer resources and staff to allocate toward security will continue to be the low-hanging fruit for attackers. With MDR solutions in place, organizations can get their alert-chasing time back and better position their infrastructures to stay ahead of today’s threat landscape.
ROB DAVIS, CISSP, is CEO of Critical Start, a provider of managed detection and response services.
