From the point of view of Conscia’s Security Operations Center (SOC), 2022 confirmed the fact that managing cyber risks in business has become a daily routine. The “battle” between criminals and companies is ongoing. We highlight three good practices that will help organizations operate more securely and successfully in 2023.
Conscia’s SOC in 2022: Detection and response to cyber incidents in numbers
Conscia’s (NIL is part of Conscia Group) Security Operations Center (SOC) grew this year, both in terms of business volume (number of clients) and team capacity. This alone confirms the fact that the effective handling of cyber incidents is very important for the overall security of the business. Allow me to highlight a few numbers from Conscia’s SOC in 2022:
More than 37000 security alarms that required a review by a security analyst,
More than 3500 confirmed malicious activities and limited incidents,
Tens of new clients from across Europe,
Upgrade of the core managed detection and response (MDR) service,
SOC team growth: We hired T1 and T2 SOC Analysts and invested in additional competencies from the areas of Threat Hunting, PlatOps, Purple Teaming, Analytics Creation and Detection Tuning, Threat Intelligence,
Together with our Incident response team, we intervened in 5 extremely serious incidents. This means that the companies were forced to cease operations for a while due to the cyber incident. I am extremely proud that we have managed to identify, isolate, and prevent the attacks from causing bigger business damage.
All these statistics emphasize the importance of efficient detection and incident management for stable businesses. We’re confident that it will remain so. That is why we would like to share some “New Year’s resolutions” that will help you efficiently fight cyberattacks in 2023.
Cyber defense best practice examples in 2023
In the upcoming year, Conscia’s SOC will pay most attention to the development of top personnel and technologies mainly in the areas of security orchestration, automation, and increasing security incident response capabilities.
Most companies cannot afford their own internal SOC, yet their “blue teams” still have to fight against cybercriminals daily as best as they can. To make work in such circumstances easier and more efficient, I recommend the following good practices:
Identifying the root cause of the attack or the entry vector of compromise is key: Once we confirm a security incident, let’s not rush into decisions. Errors in this step can reduce the effectiveness of the subsequent response. A typical procedural mistake is to immediately restore the affected systems to the state they were in before the critical flaw was exploited, without first confirming the actual cause of the attack and taking care to properly protect the evidence. Restoring an infected system (without investigation and remediation) gives a motivated criminal a new opportunity to attack.
The already established preventive measures define the efficiency of detecting security deviations and defense success. If you do not have measures, implement them: In organizations with reduced preventive capabilities to protect and harden information systems, the effectiveness of detection and response is also lower. Lax implementations of security policies give criminals more room to disguise attacks in legitimate business communication channels. The ability to unambiguously detect cyber incidents is significantly higher in information environments with established technical controls (e.g. limiting privileged users, assigning access and rights according to the principle of zero tolerance, etc.).
Detection efficiency and other security operations can be hindered without integrated security visibility. Invest in visibility and identity protection. In the future, attackers will focus more on compromising identities, systems (e.g. workstations, servers, data warehouses), and information assets in the cloud. Comprehensive security visibility of all IT ecosystems (not only the network, but preferably identities, endpoints, and cloud services) is therefore absolutely necessary in security operations.
We firmly believe that these measures will significantly help you in 2023 to have a more secure and consequently more successful business.
If you need help with the comprehensive management of cyber risks, Conscia’s experts are here to assist. Conscia will continue to invest in capabilities that help our customers efficiently protect their businesses against cybercrime.