It’s easy to worry about cybersecurity, but it’s harder to know what to do.
Professional services firms need cybersecurity that provides a foundation for effective operations and client confidentiality in a business where your value depends on your reputation. To cover all of the security exposures, some firms purchase and integrate a cluster of solutions over time. However, that can increase the risk of gaps and redundancies. Multi-product integrations can require substantial effort and coordination from specialists who know how to design and maintain the overall solution.
To ensure the security of your internal and client data, you need to understand and manage the potential cybersecurity risks.
1. Too many alerts = no alerts
The biggest risk of an outdated cybersecurity solution is the cost. People are expensive, and highly skilled people are very expensive. Beyond the people you’ll need to install a system, you’ll need people to monitor, investigate and respond to issues.
“Whether you're just starting out or you're starting to grow the firm through mergers and acquisitions, you need a lot of people: Folks that are going to staff the detections, perform the investigations and triage, conduct remediation and reach out to areas of the business,” said Grant Thornton Senior Manager Ross Durrer.
The staff cost can be high, even if everything operates at peak efficiency — and it often doesn’t. Given the quantity of threats, and the amount of information surrounding each one, analysts can feel like they are wading through an avalanche. False positives and thin context mean that many people spend much of their time on tasks that did not need doing or that are not the best use of their skills. A superabundance of alerts can cause the people charged with responding to them to grow desensitized. This leads to incident fatigue, where staff start dismissing alerts, potentially missing genuine threats and undermining the effectiveness of your security.
2. Silos are the status quo
In many firms, the current cybersecurity system needs an upgrade. Security platforms are often siloed, and responders must use multiple tools to get results for an investigation.
For many security operations teams, most monitoring, logging and response are done from a SIEM (security information and event management) or analytics tool, which is fed by a separate EDR (endpoint detection and response) product. “There's also IP enrichment and other enrichment on the side. If you have a hunting team or a hunting platform, that is also going to have to get into the SIEM or the analytics platform,” Durrer said.
The result is a great deal of inefficiency in incident monitoring, logging and responding, even if the individual solution components are of high quality.
3. Information needs integration
Every company has unique needs, but there are some common themes to effective cybersecurity solutions. Your solution should have integrated endpoint management and threat detection that populates logs in your security orchestration, automation and response (SOAR) platform. This can guide investigations and trigger a response within your SIEM platform. The logs need to be both rich and relevant, integrating multiple internal and external data sources.
AI has the potential to both streamline and enhance this work, by ingesting the logs and pulling in relevant enrichments that enhance the context. This can help reduce incident fatigue and accelerate incident investigations. Generative AI can also offer a user interface. “You could ask AI to give you a description of the incident and provide artifacts, IP addresses and hosting information,” Durrer said. “If it calls out something as malicious or dangerous, you can ask why. Then, it should pull data like IP reputation scores.”
AI can be daunting, but introduce it over time so you can ensure that it works for your team. “You want to test everything before you go live. Configure contingencies as alerts, wait for them to fire, see if you have enough information to investigate. Maybe you need to pull in more logs. Then, once you're ready, you establish your severity and finalize decisions. You've written your SOPs, so you can convert them to incidents.”
AI is a powerful tool. But human intelligence should ultimately shape your responses.
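As an added illustration of the enrichment-and-grouping step described in this section (example code, not from the article or from the firm it quotes): constructed EDR alerts are enriched from a constructed IP reputation table standing in for an external feed, repeated alerts for the same host and destination are collapsed into one incident, and a severity is assigned by an assumed SOP rule, so an analyst sees a few incidents with context rather than a stream of raw alerts.

```python
from dataclasses import dataclass

# Constructed sample: raw alerts as an EDR might forward them to the SIEM.
EDR_ALERTS = [
    {"host": "ws-017", "rule": "outbound_conn", "dst_ip": "203.0.113.9", "ts": "2024-05-01T09:00:01"},
    {"host": "ws-017", "rule": "outbound_conn", "dst_ip": "203.0.113.9", "ts": "2024-05-01T09:00:04"},
    {"host": "ws-017", "rule": "outbound_conn", "dst_ip": "203.0.113.9", "ts": "2024-05-01T09:00:09"},
    {"host": "ws-042", "rule": "outbound_conn", "dst_ip": "198.51.100.7", "ts": "2024-05-01T09:02:00"},
    {"host": "srv-db1", "rule": "outbound_conn", "dst_ip": "192.0.2.44", "ts": "2024-05-01T09:03:30"},
]

# Constructed stand-in for an external IP reputation feed (0-100, higher is worse).
IP_REPUTATION = {
    "203.0.113.9": {"score": 92, "tag": "flagged as command-and-control"},
    "198.51.100.7": {"score": 5, "tag": "well-known cloud CDN"},
}

@dataclass
class Incident:
    host: str
    indicator: str
    severity: str
    why: str                # the context an analyst would otherwise have to look up
    alert_count: int = 0
    first_seen: str = ""
    last_seen: str = ""

def enrich(alert):
    """Attach reputation context; an IP the feed has never seen is marked explicitly."""
    rep = IP_REPUTATION.get(alert["dst_ip"], {"score": None, "tag": "no reputation data"})
    return {**alert, "rep_score": rep["score"], "rep_tag": rep["tag"]}

def severity_for(rep_score):
    """Assumed SOP rule: score >= 80 is high; no data is medium (a human must look); else low."""
    if rep_score is None:
        return "medium"
    return "high" if rep_score >= 80 else "low"

def build_incidents(alerts):
    """Collapse repeated host/indicator alerts into one enriched incident each."""
    grouped = {}
    for a in sorted(map(enrich, alerts), key=lambda x: x["ts"]):
        inc = grouped.get((a["host"], a["dst_ip"]))
        if inc is None:
            why = f"{a['rule']} to {a['dst_ip']}: {a['rep_tag']} (score={a['rep_score']})"
            inc = Incident(a["host"], a["dst_ip"], severity_for(a["rep_score"]), why, first_seen=a["ts"])
            grouped[(a["host"], a["dst_ip"])] = inc
        inc.alert_count += 1
        inc.last_seen = a["ts"]
    return list(grouped.values())
```

Five raw alerts become three incidents, and the one with no reputation data is kept at medium so it is reviewed rather than silently dropped.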
4. Confusing interfaces mean confusing results
If your security solutions offer a poor user experience, that can cause another form of fatigue. Onerous deployments, unintuitive design or confusing information can affect a range of users.
At a minimum, you need to ensure that any system is easily deployed. Ideally, it will come with tips for first-time or unfamiliar users.
Solutions should also be able to filter alerts, offering displays or timelines that elegantly visualize the information, with nested displays that let users view data at different levels of detail and relevance.
Characteristics of high-performing solutions
Security will always be a cause for concern, but it’s also a pure expense — an insurance policy that generates no revenue. At professional services firms, there’s often pressure to tighten the belt on security spending.
To design a high-performing cybersecurity system that’s cost-efficient, focus on four characteristics:
- Endpoint-to-remediation integration: This should connect endpoint management, detection, collection, enrichment, analysis, hunting and response.
- Automation of low-value tasks: Automation can help address one of the leading causes of incident fatigue on a cybersecurity team.
- Rich and relevant context: Investigations need a good starting point, combining robust information sources that your team can configure to meet your needs.
- User-friendly presentation: Your system is only as good as its user experience, so look at how to optimize everything from the deployment to the daily interface.
Your clients have entrusted you with their data. Protect it with a system that integrates the best available technology, data integration and a user experience that helps your team stay effective.