SEC’s new cybersecurity rule and its impact on security operations
The U.S. Securities and Exchange Commission (SEC) has kept cybersecurity at the core of the public company governance process. With the new rule, public entities in the U.S. have to disclose material information about cybersecurity risk management, strategy, and governance annually. The new rule also requires comparable disclosures of foreign private issuers. In their annual report, organizations must disclose information on their cybersecurity risk management processes, including incidents that are “material” to the company, within four days of determining if the incident was material.
The objective is obvious: organizations must report more incidents within the defined period. These new rules drive organizations first to find incidents and, second, to reduce the number of material incidents. This encourages them to look for modern automated ways of securing their operations and protecting the environment while safeguarding investors. As per IBM’s 2022 data security report, it takes an average of 277 days, or close to nine months, to contain an incident and identify a breach. It has been observed that stolen or compromised credentials – among the biggest causes of a data breach – take 327 days to identify. In 2023, the global average cost of a data breach was USD 4.45 million, marking a 15 percent increase over three years.
The solution may lie in next-gen AI/ML-based Managed Detection and Response (MDR) services, which are best complemented by human knowledge, resulting in faster time-to-respond and reduced resolution time. A consolidated and simple framework can be followed to yield the best result from your security operations center (SOC) with the following pointers in mind:
- Platform consolidation: In a typical enterprise environment, we see more than 70 different security tools working for various purposes. All tools provide individual views but work in silos without giving enterprise-wide visibility. The MDR platform solves this by providing the organization a single-pane-of-glass view of their security risk and threat posture, combining intelligence from machines, networks, cloud, applications, point solutions, management pane, etc., thus providing contextual, meaningful information about the risk present in the environment.
- Automated SOC operations: The building block of a SOC operation is to automate security playbooks. This means that the playbooks must be integrated with workflow processes and security tools so that they can be deployed efficiently. This reduces response time to any incidents that occur.
- Automated incident response: Automation begins with monitoring security alerts and incidents at the MDR layer to respond with pre-defined incident response (IR) processes, allowing the SOC team to focus on proactive yet adaptive threat-hunting. A few examples are finding a malicious IP, creating a ticket in JIRA, blocking the IP at the firewall, and then updating the ticket with a resolution.
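The playbook sketched in the last bullet (match a malicious IP, open a ticket, block at the firewall, close the ticket with a resolution) can be expressed as a small orchestration routine. The following is an added illustration, not code from the article or from any MDR vendor: the threat-intel list, the allowlist, the alert records and the in-memory ticket system and firewall are all constructed stand-ins for the real JIRA and firewall integrations. It also adds the guard a practitioner would insist on before auto-blocking: internal and allowlisted addresses are escalated to an analyst instead of being blocked.

```python
"""Minimal automated incident-response playbook (constructed example).

Flow per alert: IoC match -> open ticket -> block at firewall -> update ticket.
Ticketing and firewall are in-memory stand-ins for JIRA and a real firewall API.
"""
import ipaddress
from dataclasses import dataclass, field

# Constructed indicator list; all addresses are from the RFC 5737 documentation ranges.
THREAT_INTEL = {"203.0.113.45", "198.51.100.7", "192.0.2.9"}

# Never auto-block these: internal ranges plus a constructed allowlist (e.g. a partner scanner).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24")]


@dataclass
class Ticket:
    id: int
    summary: str
    status: str = "open"
    notes: list = field(default_factory=list)


class TicketSystem:
    """Stand-in for a JIRA integration: sequential ids, notes, status changes."""

    def __init__(self):
        self._next_id = 1
        self.tickets = {}

    def create(self, summary):
        ticket = Ticket(self._next_id, summary)
        self.tickets[ticket.id] = ticket
        self._next_id += 1
        return ticket

    def update(self, ticket_id, note, status=None):
        ticket = self.tickets[ticket_id]
        ticket.notes.append(note)
        if status:
            ticket.status = status
        return ticket


class Firewall:
    """Stand-in for a firewall API: records blocked IPs and returns the rule text."""

    def __init__(self):
        self.blocked = set()

    def block(self, ip):
        self.blocked.add(ip)
        return f"deny ip from {ip} to any"


def is_blockable(ip_str):
    """True only for a syntactically valid address outside internal/allowlisted ranges."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False
    return not any(ip in net for net in INTERNAL_NETS + ALLOWLIST)


def run_playbook(alerts, tickets, firewall, intel=THREAT_INTEL):
    """Process alerts in order; return (alert_id, action, ticket_id) per alert."""
    results = []
    for alert in alerts:
        src = alert["src_ip"]
        if src not in intel:
            results.append((alert["id"], "no_match", None))
            continue
        if src in firewall.blocked:  # idempotent: a second alert for a blocked IP opens no new ticket
            results.append((alert["id"], "already_blocked", None))
            continue
        ticket = tickets.create(f"Malicious IP {src} observed in alert {alert['id']}")
        if not is_blockable(src):
            tickets.update(ticket.id, "Internal or allowlisted IP; escalated to analyst", status="escalated")
            results.append((alert["id"], "escalated", ticket.id))
            continue
        rule = firewall.block(src)
        tickets.update(ticket.id, f"Blocked at firewall: {rule}", status="resolved")
        results.append((alert["id"], "blocked", ticket.id))
    return results


# Constructed sample alerts: a hit, a duplicate hit, a non-IoC, and an allowlisted IoC.
SAMPLE_ALERTS = [
    {"id": "a1", "src_ip": "203.0.113.45"},
    {"id": "a2", "src_ip": "203.0.113.45"},
    {"id": "a3", "src_ip": "198.51.100.200"},
    {"id": "a4", "src_ip": "192.0.2.9"},
]

if __name__ == "__main__":
    ts, fw = TicketSystem(), Firewall()
    for row in run_playbook(SAMPLE_ALERTS, ts, fw):
        print(row)
    for t in ts.tickets.values():
        print(t.id, t.status, t.notes)
```

The escalation path matters as much as the blocking path: a playbook that blocks whatever the intel feed names will eventually cut off an internal host or a partner, so the allowlist check and the resulting ticket state are what keep the automation safe to run unattended.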
When looking for an MDR solution, look for the solution that can best fit your organization's needs. We know that cyber threats continue to rise using different modes and techniques, so make sure your MDR services can stand the test of time.