Intelligent CIO Africa Issue 51 | Page 34

FEATURE: SOC
Most security operations centres (SOCs) function around the clock, with employees working in shifts to constantly log activity and mitigate threats. Prior to establishing a SOC, an organisation must define its cybersecurity strategy to align with current business goals and problems. Industry pundits look at SOC adoption, the type of IT and cybersecurity skills needed, and the organisations that are using SOC services across the continent. By Manda Banda.

A security operations centre (SOC) is a command centre facility for a team of IT professionals with expertise in information security (infosec) who monitor, analyse and protect an organisation from cyberattacks. In the SOC, Internet traffic, networks, desktops, servers, endpoint devices, databases, applications and other IT systems are continuously examined for signs of a security incident.

The overarching strategy of a SOC revolves around threat management, which includes collecting data and analysing that data for suspicious activity in order to make the entire organisation more secure. Raw data monitored by SOC teams is security-relevant and is collected from firewalls, threat intel, intrusion prevention and detection systems (IPSes/IDSes), probes and security information and event management (SIEM) systems. Alerts are created to immediately communicate to team members if any of the data is abnormal or displays indicators of compromise (IOCs).
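The collection-and-alert loop described above, reduced to its core, as an added example that is not part of the article: a small Python script parses constructed firewall, IDS, DNS and EDR log lines, checks each record against a constructed IOC list (documentation-range IPs, a reserved test domain and a dummy hash, none of them real indicators), and also raises an "abnormal" alert when one source accumulates repeated firewall denies. Sensor names, field names and the log format are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed indicators of compromise standing in for a threat-intel feed.
# RFC 5737 documentation addresses, a reserved .invalid domain and a dummy
# hash are used so that nothing here is a real IOC.
SAMPLE_HASH = "0" * 63 + "1"
IOCS = {
    "ip": {"198.51.100.23", "203.0.113.77"},
    "domain": {"update-check.example.invalid"},
    "sha256": {SAMPLE_HASH},
}

# Which log fields each IOC type is compared against (assumed field names).
IOC_FIELDS = {
    "ip": ("src", "dst"),
    "domain": ("qname",),
    "sha256": ("sha256",),
}

# Constructed log lines from a firewall, an IDS, a DNS resolver and an EDR agent.
SAMPLE_LOGS = [
    "2021-03-10T08:15:02Z fw01 event=conn action=deny src=10.0.5.17 dst=198.51.100.23 dport=445 proto=tcp",
    "2021-03-10T08:15:03Z fw01 event=conn action=deny src=10.0.5.17 dst=192.0.2.10 dport=445 proto=tcp",
    "2021-03-10T08:15:04Z fw01 event=conn action=deny src=10.0.5.17 dst=192.0.2.11 dport=445 proto=tcp",
    "2021-03-10T08:15:05Z fw01 event=conn action=allow src=10.0.5.18 dst=192.0.2.50 dport=443 proto=tcp",
    '2021-03-10T08:15:06Z ids01 event=alert sig="constructed test signature" src=10.0.5.17 dst=203.0.113.77',
    "2021-03-10T08:16:00Z dns01 event=query src=10.0.5.17 qname=update-check.example.invalid",
    f"2021-03-10T08:16:30Z edr01 event=process host=ws-017 sha256={SAMPLE_HASH}",
]

# key=value pairs; values may be quoted so that they can contain spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split one line into timestamp, sensor name and a dict of key=value fields."""
    ts, sensor, rest = line.split(" ", 2)
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    return {"ts": ts, "sensor": sensor, **fields}


def match_iocs(record):
    """Return (ioc_type, value, field) for every IOC found in a parsed record."""
    hits = []
    for ioc_type, fields in IOC_FIELDS.items():
        for field in fields:
            value = record.get(field)
            if value is not None and value.lower() in IOCS[ioc_type]:
                hits.append((ioc_type, value, field))
    return hits


def detect(lines, deny_threshold=3):
    """Run all lines through IOC matching plus one simple anomaly rule:
    a source that reaches deny_threshold firewall denies gets an alert."""
    alerts = []
    denies = Counter()
    for line in lines:
        rec = parse_line(line)
        for ioc_type, value, field in match_iocs(rec):
            alerts.append({"ts": rec["ts"], "sensor": rec["sensor"], "kind": "ioc",
                           "detail": f"{ioc_type} {value} in {field}",
                           "src": rec.get("src")})
        if rec["sensor"].startswith("fw") and rec.get("action") == "deny":
            denies[rec["src"]] += 1
            if denies[rec["src"]] == deny_threshold:  # fire once per source
                alerts.append({"ts": rec["ts"], "sensor": rec["sensor"], "kind": "anomaly",
                               "detail": f"{deny_threshold} denied connections from {rec['src']}",
                               "src": rec["src"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(f"{alert['ts']} {alert['sensor']} [{alert['kind']}] {alert['detail']}")
```

The point of the exercise is the shape of the pipeline rather than the rules themselves: normalise heterogeneous sources into one record format, match against intelligence, and layer behavioural rules on top; a production SIEM does the same at scale, with the IOC list refreshed from a feed and the thresholds tuned per environment.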
According to the 2020 IBM X-Force threat intelligence report, cyberattacks on healthcare, manufacturing and energy doubled from the year prior, with threat actors targeting organisations that could not afford downtime due to the risk of disrupting medical efforts or critical supply chains.
In the Middle East and Africa (MEA) region, data theft and data leak were by far the most common attack types, accounting for a significant 29% of attacks. Server access, ransomware and credential theft all tied for second place, representing 14% of attacks each. Attackers in the region also continued to gain access to systems through Remote Access Trojans (RATs) and misconfiguration, while insider incidents also affected organisations across MEA.
Sheldon Hand, Data and AI, Automation and Security Business Unit Leader, IBM Southern Africa, said security is top of mind for all organisations across the continent. Hand said the COVID-19 pandemic has had widespread impact and the continent is also faced with a growing remote workforce, which results in sensitive data moving across less controlled environments with limited network visibility, making it more vulnerable to data breaches. "These are shifts affecting the continent and facing many organisations no matter where they are located in Africa," he said. "In 2020 we also saw cyberattacks evolve as threat actors sought to profit from the unprecedented socioeconomic, business and political challenges brought on by the COVID-19 pandemic."
Mike Walters, President, Action1 Corporation, said infosec professionals should pay considerable attention to the development of an efficient patch management policy. "It is essential that the SOC team gets information about the latest software updates in real time and is able to install them immediately after they are released by a vendor. Ideally, this procedure should be automated. A delay in patching critical vulnerabilities can cost too much for the SOC's customers," he said. "A recent example of such a critical vulnerability is the multiple 0-day exploits in Microsoft Exchange Server that have affected 18,000 organisations worldwide. In that case, lags in patching vulnerable servers had a disastrous impact on businesses."
State of SOC adoption
Like the overall cybersecurity maturity, the state of the SOC market varies from region to region. For example,

Building a winning SOC strategy
