Trends in Security Information
The HSD Trendmonitor is designed to provide access to relevant content on various subjects in the safety and security domain, to identify relevant developments and to connect knowledge and organisations. The safety and security domain encompasses a vast number of subjects. Four relevant taxonomies (type of threat or opportunity, victim, source of threat and domain of application) have been constructed in order to visualize all of these subjects. The taxonomies and related category descriptions have been carefully composed according to other taxonomies, European and international standards and our own expertise.
In order to identify safety and security related trends, relevant reports and HSD news articles are continuously scanned, analysed and classified by hand according to the four taxonomies. This results in a wide array of observations, which we call ‘Trend Snippets’. Multiple Trend Snippets combined can provide insights into safety and security trends. The size of the circles shows the relative weight of the topic, and the filters can be used to further select the most relevant content for you. If you have an addition, question or remark, drop us a line at info@securitydelta.nl.
Challenges for SME Organizations regarding Security Operations
With security operations, we refer to the security activities themselves. In other words, not the people who draw up policy, carry out risk analyses and implement awareness campaigns. It revolves around the experts who are specifically responsible for implementing technical security measures, ensuring the correct configuration of these measures and monitoring that they are active. A security operator is someone who detects when a configured security measure raises a warning and then investigates that warning. Are there no warnings? The security operator then “hunts” for vulnerabilities or suspicious behaviour that had not been noticed before.
Unfortunately, it's all too common for organizations to purchase advanced security tools but not have clear protocols in place for handling the alerts generated. This results in the organization only having a tool that generates notifications, without actually significantly improving the security of the organization.
Large corporate companies usually have their own IT team that is responsible for basic IT tasks. Ideally, such an organization should have a specialized security department within that IT team, or outside of it.
Organizations in the small to medium-sized segment usually do not have an extensive IT department. In the best case, an SME organization has some employees responsible for IT, but they often rely heavily on external parties.
When external expertise is called in, one IT partner is usually responsible for managing the basic IT and is, for example, very good at Microsoft 365. However, this does not automatically mean that this partner is an expert in the field of security. And if an SME has specific questions about cybersecurity, such as investigating suspicious activities in the network, this often falls outside the scope of the partner's services.
SME organizations and smaller healthcare and government institutions therefore often face the following challenges:
1. They usually have limited opportunities to gain in-depth insight and make their own substantive assessment of the activities within a SOC.
2. Due to tight labor markets, they are often forced to outsource these activities.
3. Due to a lack of knowledge or experience, they tend to follow outdated best practices when procuring SOC services, often established by IT consultants operating in environments with tens of thousands of employees.
In situations where these activities are already performed internally, there is a good chance that they will be assigned to someone with broader IT tasks, whether that is someone within or outside the organization. However, this creates the problem that these tasks are considered secondary. An additional consequence is that security operations are most likely not carried out at all, not carried out well, or not carried out consistently, mainly due to a lack of time and expertise.
Carrying out security operations goes beyond simple technical skills. It requires specific expertise and in-depth knowledge of advanced attack methods and insight into attackers' methods, which are also continuously evolving. Only with this expertise and knowledge can suspicious activities be identified, thoroughly investigated and effectively countered. The following questions are essential for a thoughtful approach:
• Does your organization have the necessary budget to deploy dedicated staff for this task?
• Are you able to attract individuals with the right competencies and background to perform these specialized tasks?
For many SMEs, it appears to be a significant challenge to answer yes to the above questions. In an extensive SOC, multiple security professionals work together on diverse and complex tasks. This collaboration enables larger organizations to respond quickly and purposefully.
However, for smaller organizations this is often not feasible. The limited scale and resources make it difficult to operate in the same way. It can be impossible to compete with larger players when only one alert per month is recorded within a smaller institution: there is simply not enough volume to build and maintain the same routine and expertise.
When considering outsourcing, it is important not to act hastily. Many SOC services are pricey, especially for smaller organizations. A sensible approach is to first analyze your organization's needs and then select partners that provide solutions that fit your budget and needs.