Like most other organisations, you’ve probably spent money on cyber-security products in the hope of being better protected against today’s complex threats. However, you may have realised that it’s not just about buying tools but having the time and skills to use them, and you wouldn’t be alone in thinking this. What is that missing piece of the jigsaw that would make your organisation more secure?
In my previous articles, I wrote about how the threat landscape is now incredibly complex for housing providers (and others) to understand. Gone are the days when investing in superior endpoint solutions and keeping up-to-date with new virus identities was enough to avoid most attacks.
In this new ‘hands-on’ era of cyber-crime, threat actors access organisations’ IT systems by stealth, often using legitimate tools and tactics to move around networks undetected. By the time IT staff detect a breach, it’s often too late to avoid severe disruption and loss of data. This is especially worrying for smaller technology teams juggling many aspects of IT.
In the case of housing providers, implementing and supporting digital transformation initiatives is likely to occupy considerable staff time. And because cyber-security is now a 24/7/365 concern, it’s unlikely that your staff want to be monitoring your network overnight or at weekends. These are the times when astute cyber-criminals, who may have been lying low in your network, often choose to unleash their attack – a bit like thieves waiting until you go on holiday to burgle your house. It’s a big ask to expect over-stretched IT generalists to cope with complex cyber-security issues. As a consequence, housing providers of all sizes are increasingly turning to managed detection and response (MDR) services to bolster their IT teams.
When you buy an MDR service, you are hiring the expertise of a remote team of cyber-security specialists to help you search for, analyse, monitor and neutralise threats that technology alone can’t prevent. Instead of reacting to a breach, these teams are proactive in detecting malicious behaviour that could remain undetected and cause a disruptive, costly and reputation-damaging cyber-attack.
For example, at the time of writing, Clarion Housing’s cyber-attack that began in June 2022 continues to attract negative media attention. Tenants report that they can’t communicate with the organisation by telephone and Clarion’s website says it is still restoring its systems.
From Sophos’s perspective, we can work with you to provide an MDR solution adapted to your needs, regardless of the technologies you’ve chosen for your endpoints, servers and firewalls. Our service now integrates seamlessly with your existing security environment, whether you’re using a variety of solutions from different vendors or exclusively our own solutions.
Our skilled threat hunters can help you to find the real threats which need to be dealt with among all the noise because they’re very familiar with cyber-criminals’ tactics, techniques and procedures.
And threat notification isn’t the end of the engagement; it’s the starting point. Our team works with you to take action to resolve the issue by identifying the root causes. We do the legwork but you own the decisions; you control how and when potential incidents are escalated, what responses and actions (if any) you want us to take and who to include in communications.
Staffing and resources
When considering whether to buy an MDR service like ours, you need to ask whether your organisation can employ sufficient skilled cyber-security staff to proactively monitor threats around the clock. One of our customers in Scotland said recently that our MDR solution, “saves us the expense of recruiting up to five new employees to take on this work. Sophos also frees up our IT teams to undertake more proactive tasks instead of being drawn into managing security challenges.”
With Sophos MDR, you’ll be in good hands. More organisations (over 12,000 and counting) trust Sophos for MDR than any other vendor, and we’re rated 4.8/5 by Gartner’s ‘Peer Insights’. In addition, cyber-insurance companies now often require organisations to have numerous cyber-controls in place to issue policies; hiring an MDR service can help you tick all their boxes as well.
At Sophos, we can provide a bespoke MDR service for any housing provider’s environment to deliver superior security outcomes and give you peace of mind.
Jonathan Lee is the director of public sector relations at Sophos.