BID® Daily Newsletter
Feb 8, 2021

BID® Daily Newsletter

Feb 8, 2021

Security Operations Center – Is It For You?

Summary: The average cost of a data breach in the US last year was $3.68MM and this number is only expected to get larger. Can a Security Operations Center (SOC) help your institution? We explore the options, including in-house, outsourcing, and SOC-as-a-Service to help guide you through this process.

Apparently, disappearing socks is no longer a mystery. One family took apart its washing machine when it was not functioning properly and found that socks had slipped through the thick rubber ring that allows you to tightly seal the door. According to a GE quality engineer, this can happen at high spinning speeds. While not a mystery, another type of SOC, Security Operations Center, is helping financial institutions deal with the head-spinning cost of cybercrime.
 
With new cyber threats emerging daily, you may be hearing more about SOC as a way to batten down the cybersecurity hatches. While this approach may not work for every institution, we provide you with some background and three options to consider.
 
At its core, a SOC is a round-the-clock team and facility focused on cybersecurity prevention, detection, and response. There are many different models, including a virtual SOC, a dedicated SOC, and a partially outsourced SOC, according to Gartner.
How a SOC can help
The benefits of a SOC can be tangible, if done correctly. For example, because the services are continuous and dedicated, there’s a better chance of an organization being able to prevent attacks and respond more efficiently to cyber threats, experts say.
The cost of SOC is high
But there can be significant challenges, including cost. Consider that organizations spend on average $2.86MM a year on their in-house SOCs, according to a survey from Respond Software and Ponemon Institute. Outsourcing was found to cost even more — a whopping $4.44MM annually. That said, this is the total cost for all institutions and it is expected to be lower for smaller institutions.
And costs of data breaches and cybercrime are high
So, is a SOC worth the high price and effort? The average total cost of a data breach in the U.S. was $3.86MM, according to a 2020 data breach report from IBM and the Ponemon Institute. Cost notwithstanding, 73% of survey respondents said their SOCs are a crucial element to their overall cybersecurity strategy.
Not only that, cybercrime is expected to only get worse. Cybersecurity Ventures predicts global cybercrime costs will climb 15% per year over the next 5Ys, reaching $10.5T annually by 2025, up from $3T in 2015.
The options – build in-house, outsource, or SOCaaS
  1. In-house option: Hiring the proper expertise is critical. To have the proper heft, your team will likely need to include a manager, a data analyst, a breach investigator, a responder, and an auditor, though multiple roles can be performed by the same person. 
  2. Outsourcing: Some providers tailor their services to smaller institutions. Adlumin, for instance, has been named an ICBA Preferred Service Provider and works with financial institutions ranging from $100MM to $20B in assets.
  3. SOCaaS (SOC-as-a-Service): This is where experts can do the heavy lifting while you pay a “subscription fee.” General services include managed firewall, intrusion detection, virtual private network, vulnerability scanning, and anti-viral services. But, more can be added, of course.
After all this, the best way to know if a SOC is right for your institution or not, is to dig a little deeper and do some more research. Tap into your current IT team to see what cybersecurity measures are already in place and which ones still may be needed. Then, you can make the right decision for your institution and your customers.
Subscribe to the BID Daily Newsletter to have it delivered by email daily.

Related Articles:

Information-Sharing Networks Identify Financial Crimes Faster
As the amount of online fraud continues to rise, there is mounting evidence that information-sharing initiatives around the world could provide a glimpse into the future of how financial institutions can most effectively identify and combat cybersecurity attacks.
Educating Customers on the Risks of Gaming Platforms
Online gaming platforms have become extremely popular in recent years, with 76% of children under 18 playing regularly and connecting their parents’ credit cards and bank cards to their gaming accounts. Financial education about the risks of online gaming payments can add value for young and older customers alike.