Author: Marcin Mazurek – Director of Cybersecurity Dept. in Talex SA

CRN Polska published interesting results of the research carried out by Deloitte on the strategies used by financial institutions in the area of cybersecurity (https://crn.pl/aktualnosci/sposoby-na-lepsza-cyberochrone/).

The article contains, among others, information about a significant increase of the interest in cybersecurity issues among the management boards, which is not surprising in the context of the pandemic-related global trend of moving operations to the Internet and the resulting increased activity of cybercriminals.

It is worth mentioning here the results of statistical research provided by Fortinet which predict that in 2020 ransomware attacks will increase to the level of more than one billion cases ( during the years 2018-2019 there were about 600 million cases on average) and exceed the value of six billion stolen data records (some statistics claim that up to 26% of the records stolen since 2013 contained sensitive data from the GDPR/RODO point of view).

To return to the article in the CRN magazine, the information concerning the location of cybersecurity departments in the organizational structure of financial institutions may also be of interest. The author of the article declares that only 22 percent of institutions have a complete separation of their cybersecurity departments from IT departments, which seems reasonable in the context of seeking cost optimization. Certainly, assigning the cybersecurity tasks to current IT employees is an appealing perspective, especially since hiring a specialist with experience is not an easy task. It is estimated that at present Poland lacks at least ten thousand cybersecurity specialists, and some sources even mention the number of thirty thousand people. In the face of upcoming changes to the law on the national cybersecurity system, which is likely to significantly expand the group of entities subject to it, the task of recruiting employees will be even more difficult.

However, the concept of linking the cybersecurity department with an IT department has significant disadvantages. One can point out here, for instance, the threats resulting from the limitation of time and budget for cybersecurity for the sake of meeting deadlines and minimizing costs of projects carried out under the aegis of the common IT department.

Nevertheless, it seems that a more significant problem is the need, often indicated e.g. during ISO 27001 audits, to ensure the independence of entities detecting threats from entities that are subject to their control. It is of great importance to ensure objectivity and independence of services responsible for monitoring events and post-breach investigations. And what’s important about that is that, for example, according to the statistics provided by Verizon in the “2020 Data Breach Investigations Report” (https://enterprise.verizon.com/resources/reports/2020-data-breach-investigations-report.pdf) as many as thirty percent of incidents related to a data leak were detected to include involvement of employees of a given company in the crime, and about half of them turned out to be employees of the IT department with administrative rights.

Perhaps the remedy to aforesaid problems, especially for smaller companies, is to outsource the monitoring and detection of cybersecurity incidents to external trusted institutions. Such a solution, particularly available in the cloud model, has the additional advantage of spreading the costs associated with the purchase of expensive software, hardware and team organization into low monthly instalments. In the most extensive offers there is even mention of SOC services for the cloud, i.e. SOCaaS (Security Operations Center as a Service). Depending on the level of the purchased service, you can get not only monitoring of events related to cybersecurity, but also a comprehensive service of active response to detected incidents and mitigation of their effects.

Source: Linkedin