5 Mistakes Cyber Security Teams Make – And How to Fix Them

Kerry Matre is Senior Product Marketing Manager, Services, for HP Enterprise Security Products.

Does it seem like you’re hearing about a new, high-profile security breach every time you check the news? It might lead you to wonder if hackers are getting better or if security teams are getting worse.

As we noted in HP’s recent Cyber Risk Report, cyber attackers are more sophisticated and their effects more devastating than in years past, but that’s not the only factor in play. Attackers now take advantage of the adversary marketplace to breach defenses more easily, putting even more responsibility on security teams to prevent and resolve breaches.

Based on an analysis of Security Operations Centers (SOCs) reported in HP’s State of Security Operations white paper, I’ve compiled the top five mistakes companies make that can compromise security, as well as solutions for mitigating those risks:

1. Mistake: Lack of organizational support
Breaches can be better predicted when the SOC team has the full context of the security landscape. If your organization doesn’t support the SOC by sharing key information with the right people, your security team could miss threat indicators.

Solution: Align organizationally
The SOC should include the dream team: representatives from security information and event management (SIEM) content development, forensics operations, security monitoring and analysis, and enterprise security services.

2. Mistake: Over-reliance on technology
Organizations often spend most of their security budget on technology, rather than prioritizing necessary hires or training support.

Solution: Establish and keep the right skills
Providing the appropriate training and sustainable staffing levels will ensure that your security team can properly analyze large volumes of event data and avoid burnout.

3. Mistake: Basics are overlooked
The basics of IT security are extremely important, but commonly neglected. These include asset management, user ID administration, information classification and vulnerability management.

Solution: SIEM rollout basics
Establish a foundational security-analysis protocol and process, and train your SOC team to follow it consistently.

4. Mistake: Inappropriate task assignment
SOC team members cannot perform to their best potential when they’re assigned a heavy, unbalanced load of administrative tasks.

Solution: Task rotation
The mission of a SOC should be clearly defined and not diluted by non-core activities. SOC core activities should include security event triage, analysis and event escalation, and these tasks should be parceled equally in a rotating schedule.

5. Mistake: Focus on compliance
It’s important to remember that compliance does not automatically equal security. Checking the boxes of your organization’s security plan may be necessary, but effective detection does not result from compliance alone.

Solution: Focus on training
Continual training of your SOC team will re-focus their efforts on preventing attacks, rather than going through the motions. Training allows teams to be flexible, agile and able to keep up with the changing security landscape.

Attackers keep honing their techniques, and inflexible organizations will not be able to keep up with evolving threats. If your SOC is guilty of one of these mistakes, now is the time to change. Investing in training and proper staffing of SOCs enables consistency, can lower cost, and will be indispensable to your business. See the Cyber Risk Report and the State of Security Operations white paper to learn more.