Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Modern KPIs for effective cybersecurity

1 September 2018 Information Security

By Martin Potgieter, technical director at Nclose.

Faced with increasingly frequent and sophisticated cyber-attacks, enterprises are scrambling to put technologies and processes in place to effectively detect and combat cyber risks. Research by Symantec found that ransomware attacks increased by 36% in 2017 following the introduction of more than 100 new malware families. In its annual Data Breach Year-End Review, the Identity Theft Resource Centre found there was a total of 1 579 publicly disclosed data breaches in 2017, a 41% increase over 2016.

Martin Potgieter
Martin Potgieter

Despite this, PwC’s 2018 Global State of Information Security Survey found that 44% of respondents lacked an overall information security strategy. Amid rising fears of an increase in the volume and sophistication of cyber-attacks and the growing cybersecurity skills deficit, the lack of formal security strategy bodes ill for the global business community. Perhaps that is why 87% of enterprises say they need 50% more budget for cybersecurity, according to EY.

In response, many organisations have deployed a Security Operations Centre (SOC) to better protect critical information. The SOC offers an attractive value proposition: organisations were making costly investments into individual cybersecurity solutions, but the SOC would unify all the disparate elements and create a single access point where all security-related information would be sent and processed for insights and ensure compliance to regulations and laws governing their industries.

Unfortunately, many SOCs are purely compliance-driven initiatives that are not designed to detect and respond effectively to cyber threats. Core to the problem is that too many organisations believe cybersecurity is simply a technology matter: buy the correct mix of products and solutions, unify all the elements in the SOC, et voila! My data is secure; come what may, I am protected from cybercrime.

Security-in-a-box is not secure

Buying a piece of technology and expecting it to fulfil the role of a SOC is unwise. Cybersecurity is about much more than technology. There is significant interaction with the broader business needed to bring the value of a SOC to life. However, when SOCs are deployed there’s usually a large investment in various technologies and no engineering thereof, leaving the SOC with very little in the way of creative input to effectively detect suspicious activity.

The core of a SOC is security information and event management, which integrates various IT systems to process all data in a central point for deeper analysis. If suspicious behaviour or data is detected, an alert is sent to security analysts for further analysis.

However, in most enterprise environments there are millions, even billions of events that can trigger thousands of alerts. Here, the amount of data that can be used for analysis and investigation is limited by a per-GB pricing model that forces you to choose specific sources in an effort to contain costs. Alert fatigue also sets in, undermining the organisation’s response capabilities by leaving security analysts blind to actual threats to the business.

Global shift to MDR

Organisations in more developed markets have started adopting a new way of active threat detection and response: the Managed Detection and Response (MDR) model. According to Gartner, MDR provides organisations with 24/7 threat monitoring, detection and response services through a combination of technologies, advanced analytics, threat intelligence and human expertise to improve the way they detect and respond to threats and incidents.

MDR’s distinguishing feature, however, is its focus on dedicated security engineers supported by machine learning capabilities that provide real-time, continuous monitoring and threat detection. MDR craves information; it’s not limited by events-per-second, so costs are easier to control. And as human and machine learning capabilities work in concert to analyse data, organisations are far better placed to start developing trend analyses that can significantly reduce the number of false alerts and make far better use of available resources.

Considering South Africa’s growing cybersecurity skills deficit, having an external team of security engineers at hand plays an invaluable role in safeguarding the integrity of their security deployments.

KPIs for modern cybersecurity

But what should organisations look for when deciding which cybersecurity approach will work best for them? I would argue there are three critical KPIs that need to be considered, namely:

Visibility of threat coverage: organisations need to understand against which type of threats their security solutions will defend them. A process of threat coverage measurement needs to be undertaken, where a likely cyber-attack is broken into an attack chain, and then match available defences against each threat in the chain. This highlights vulnerabilities and equips chief security officers with insight into where they should deploy more resources.

Visibility of systems coverage: understanding where defences are currently active both at a network and geographical level. If you have defences on the endpoint but not at a gateway, the system is still vulnerable. Similarly, if your head office is well-protected, but a remote satellite office is vulnerable, it leaves the entire system open to threats.

Improved response capability: every organisation needs to have proper response procedures and capabilities in place. An incident response plan is critical, but it needs to be extremely detailed. However, the skills shortage and cost implications of having such skills in house means most organisations have vague response plans, if any. MDR plays a critical support role here: organisations gain access to the correct capabilities without having to employ expensive internal resources.

Constantly improving defence capability: static defences are no good in an environment of constantly evolving cyber threats. The defence capabilities provided by MDR should be constantly improving and evolving; it’s not something that should be switched on and left. The best results emerge from a process of defence engineering. Make sure your MDR partner can provide this.





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Want effective Attack Surface Management? Think like an attacker.
Information Security
Effective ASM requires companies to think like attackers, anticipate risks, and act decisively to reduce exposure by knowing their environment, deploying a structured approach, leveraging capable tools, and addressing both internal and external risks.

Read more...
The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
POPIA non-compliance puts municipalities at risk
Information Security Government and Parastatal (Industry)
Digital responsibility must go beyond POPIA compliance to recognising that privacy and service delivery are fundamentally linked. Despite this, only 51 out of 257 municipalities submitted their mandatory data protection and access to information reports in 2024.

Read more...
Choicejacking bypasses smartphone charging security
News & Events Information Security
Choicejacking is a new cyberthreat that bypasses smartphone charging security defences to confirm, without the victim’s input or consent, that the victim wishes to connect in data-transfer mode.

Read more...
Most wanted malware
News & Events Information Security
Check Point Software Technologies unveiled its Global Threat Index for June 2025, highlighting a surge in new and evolving threats. Eight African countries are among the most targeted as malware leaders AsyncRAT and FakeUpdates expand.

Read more...
Welcome to the new cyber battleground
Information Security
The Iran-Israel conflict is rapidly redefining modern warfare, pushing the boundaries of cyber capabilities and creating a new, borderless digital battlefield. Fortinet’s CISO, Dr Carl Windsor, offers a critical, in-depth analysis of the escalating tactics and global implications in his latest report.

Read more...
African industries may overestimate cyber defences
Information Security
A significant perception gap exists in security awareness training: 68% of leaders believe training is tailored to roles, yet only a third of employees feel adequately trained. Many organisations only conduct annual or biannual generic training that may not effectively change behaviour.

Read more...
SMARTpod talks to Sophos and Phishield
SMART Security Solutions Technews Publishing Sophos Videos Information Security News & Events
SMARTpod recently spoke with Pieter Nel, Sales Director for SADC at Sophos, and Sarel Lamprecht, MD at Phishield, about ransomware and their new cyber insurance partnership.

Read more...
Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Corporate and academic teams can register for Kaspersky contest
Kaspersky News & Events Information Security
Kaspersky has announced the registration opening for its new Kaspersky{CTF} (Capture the Flag) competition, inviting academic and corporate teams from around the globe to compete in a battle of skill, strategy and innovation.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.