Keeping your business protected: Building a resilient security team

Sean Campbell, Director Canadian Channels, Fortinet

Cyber Security Month offers channel partners a convenient opportunity to talk to current and prospective customers about ensuring their devices, assets, teams and data are all protected from cyberattacks. 

In an environment where the cybersecurity landscape is rapidly changing and the number of adversaries is growing exponentially, executives can’t afford to be complacent. Strategies that worked five years ago are far less effective against the sophisticated and frequent attacks organizations face today. Coupled with a global cybersecurity skills shortage, it is no surprise security operations centers (SOC) are feeling the squeeze. 

Globally, unfilled cybersecurity jobs may have dropped by 400,000 in 2021, but there are still close to 2.72 million positions left unfilled. With limited access to skilled cybersecurity professionals, critical security roles can go unfilled, leaving organizations of all sizes very vulnerable.

Channel partners are well positioned to help organizations build a more resilient security team. A robust cybersecurity strategy begins with a powerful SOC. When skilled professionals are hard to find, ensuring employees have access to practical training and advanced, integrated solutions offers the best path to strengthen the bench against new and emerging cyber threats. 

Help customer support the team they have 

Organizations face a troubling balancing act. They have an evolving threat landscape with more sophisticated adversaries. A cyber skills shortage makes it hard to find and retain skilled professionals, and defenders are hard-pressed to manage the influx of alerts from an expanded, multi-edge network.  

Yet, having a SOC that can quickly detect, investigate, and respond to incidents is critical to a strong security stance. Improvements to defensive cybersecurity processes can help support the work of security analysts by providing better visibility and rapid response solutions. 

For example, organizations that invest in the convergence of security and networking can provide greater visibility, making it easier to identify suspicious behaviours across the network. In addition, when multiple point products are integrated using a mesh platform such as Fortinet Security Fabric, organizations can take advantage of comprehensive real-time cybersecurity protection that spans users, devices, and applications. 

Encourage customers to evolve their strategies

Channel partners can help customers further evolve their security solutions to take a proactive and adaptive approach to cybersecurity through artificial intelligence (AI) and machine learning (ML). With the high volume of action threats, automation and artificial intelligence can support security analysts by identifying the relevant security data and streamlining response activities, especially with network detection and response (NDR) paired with self-learning AI.

Channel partners are also finding success bringing deception technology to customers to “deceive” attackers into engaging on a network that mimics an organization’s sensitive assets (files, creds, apps, servers). Combining the concept of a “honeypot” with threat analytics and mitigation allows security teams to analyze attackers’ behaviour safely.  

Invest in your team 

Continuing education opportunities are another way organizations can develop and retain their cyber security teams. Fortinet’s recent 2022 Cybersecurity Skills Gap Report showed that 95 per cent of organizations surveyed believe technology-focused certifications have a positive impact and that 91 per cent were willing to pay for an employee to obtain one.

Channel partners can aid customers in accessing training with programs like Fortinet’s Training Advancement Agenda (TAA) and Training Institute. SOC teams need continuous training that helps them quickly detect suspicious behaviour, then contain and eliminate threats. It is also imperative that organizations introduce and maintain an Incident Response Plan (IRP). Regularly running the IRP ensures that the policy objectives and roles remain effective even as networks and threats evolve. 

Organizations can also supplement their team by investing in incident readiness subscription services to help them prepare for a cyber incident through readiness assessments, playbook development, and tabletop testing. Other available services include digital risk protection services (DRPS) to help monitor the attack surface and identify relevant threats earlier and emergency incident response services for a rapid and effective response when an incident is detected.

Finally, end-users should never be forgotten when considering training implementation. Cybersecurity awareness training can turn every employee from a potential risk to a line of defence against cyber attacks. Many organizations, including Fortinet, offer awareness training services designed to help employees understand the threat landscape and user actions that could make the organization vulnerable to cyberattacks.

A cyber-aware workforce understands and fulfills security responsibilities to improve an organization’s risk profile. Securing data, assets, and networks requires training for all employees and regularly testing security processes. Channel partners should look for opportunities to deepen their relationship with customers with over-burdened corporate security and IT teams. They can offer tangible solutions through products and services that bolster customers’ security stance, relieve overworked security analysts, and turn all end-users into defenders. 

Sean Campbell is Director, Canadian Channels at Fortinet