
Cyber Defense – a must for compliance

Given the growing threat of cyber attacks, it is essential to strengthen your own resilience. Regulations such as NIS2 require this. This is a challenge for many companies. A Security Operations Center (SOC) plays a central role.

Companies are faced with a growing threat landscape. The reasons are varied: increasing digitization, networking within the supply chain, cloud use, remote work and new technologies are the main drivers. The threat level has reached its highest point, and cyber attacks are now among the greatest operational risks to companies.

Cyber Security is a top priority

But there are also positive developments visible: awareness of the urgent need for cyber security has grown. Many companies – including at the level of top management, executive board and board of directors – have invested in increased security measures. And rightly so.

Cyber Defence: a must for compliance

This is all the more true because increasingly strict national and international regulations and compliance requirements such as CRA, DORA, DSG/DSGVO, FINMA or NIS2 require Swiss companies to continuously optimize their cybersecurity. Cybersecurity is not just a legal requirement but a strategic necessity for every organization.

NIS2 Regulation and its objectives

The EU's NIS2 Directive is designed to create a better common level of cyber security and, in particular, to strengthen the cyber resilience of critical infrastructures (KRITIS). Failure to comply will result in massive sanctions. Not to mention that cyber incidents cause damage that threatens the existence of companies and results in a massive loss of reputation.

Detect, defend against and remain able to act against cyber attacks

Operational resilience against cyber attacks is coming into focus. It includes detecting and responding to attacks, dealing with them, ensuring business continuity and quickly restoring the ability to act. Companies are required to have emergency and crisis management, incident response plans, and the capability to detect and respond to cyber attacks.

IT and security managers of Swiss companies should ask themselves the following questions:

  • Are you aware of the cyber threat situation?
  • Do you know the regulations that apply to your company?
  • Do you detect cyber attackers in your network?
  • Are you able to fend off cyberattacks 24/7 before any damage is done?
  • Can you respond to cyber attacks immediately?
  • Can you regain your ability to act in a timely manner?

SOC & MDR are the magic words

The answers to these questions and all the necessary and sought-after skills are brought together in a dedicated Security Operations Center (SOC). This is where people, tools and processes are bundled so that they work together and help companies protect themselves efficiently and effectively against cyber attacks. The basis for this is often, and rightly, a 24/7 Managed Detection & Response (MDR) service, which provides comprehensive protection around the clock.

Figure: The requirements for a Security Operations Center are complex and multi-layered. (Source: InfoGuard)

Challenge: Skilled labor shortage and reduced budgets

Our experience and the feedback from numerous companies show one thing: the need for a SOC and an integrated MDR service is recognized and seen as the optimal solution. However, it represents a major challenge for many companies. One part of the problem is recruiting the appropriate specialists. The other is that setting up and operating a SOC 24/7 represents a considerable investment and requires security experts with many years of experience, well-established processes and leading technologies. This is an undertaking that many companies simply do not want to – or cannot – afford.

Make or buy

The requirements for a security operations center are complex and multi-faceted. It must be able to detect, analyze, evaluate and respond to cyberattacks around the clock, and it must start the incident response process if an incident occurs. When making a make-or-buy decision, three questions are of central importance for companies:

  1. Do you have the skilled workers and are they available 24/7?
  2. What technological solutions and processes do you need in your company for successful cyber defense and immediate response to a security incident?
  3. What does implementation and operation cost your company?

Experience shows that having your own SOC is a major undertaking and at the same time a financial burden that should not be underestimated. It is worth considering outsourcing this demanding task and services to a professional, experienced managed detection and response service provider or outsourcing subtasks in the form of a co-managed SOC.

Integrated CSIRT as a success factor

The top priority is round-the-clock monitoring of the entire infrastructure. An integrated Computer Security Incident Response Team (CSIRT) is essential for this. In the event of a security incident, these specialists are responsible for quickly restoring your ability to act and thus minimizing the business impact. Experience is particularly important for incident responders. External specialists play a central role in the crisis team, coach companies, lead forensic investigations, take over interaction with the authorities, support crisis communication and conduct all necessary negotiations with cyber criminals.

Whether make or buy – it has to be safe

No matter which solution you choose, whether you take on cyber defense yourself or entrust it to a professional security service provider, the key factor is choosing agile security solutions, and this requires perfect coordination of the three components of people, process and technology.

Time is running out. To return to the new NIS2 directive: its requirements must be implemented by the affected companies by October 2024. Companies are well advised to bring in external cybersecurity experts to successfully implement the requirements and to consider the use of a SOC.

The author

Ernesto Hartmann is Chief Cyber Defense Officer at InfoGuard AG