How MDR will transform cybersecurity in the mid-market

Mid-sized businesses are under enormous pressure to keep the organisation secure but without the deep pockets of the larger corporates they're fast becoming easy targets. In 2023, 59% of medium sized businesses suffered a cyber attack or data breach in the UK. 

The economic downturn has made it that much harder to secure investment, with 53% delaying purchasing or implementing new technology, 35% cutting training, and 24% electing not to renew cyber software licenses, according to the ISC2 Cybersecurity Workforce Study 2023. It's an issue further exasperated by the skills shortage, which is estimated to stand at 73,439 in the UK according to the ISC2 Cybersecurity Workforce Study 2023 and has increased 29% to become the highest in Europe. 

Combine that lack of investment with those skills shortages, and you end up with a sector that is unable to compete for or retain talent. Nearly six out of 10 organisations that were unable to offer a competitive salary were found to have skills gaps because they struggled to keep people with in-demand skills. What's more, if the business then has to reduce its headcount the security posture has been shown to suffer as result. The same survey found over half of organisations that had laid off staff had skills gaps compared to 39% that had not, suggesting this can create something of a vicious circle. 

Breaking the cycle

For the mid-sized business this can see defences become eroded over time, increasing the potential for a breach to occur. This is because cutbacks, layoffs and staffing shortages affect the ability to the organisation to remain agile and respond to a changing threat landscape. The pressure for the team to do more with less eventually leads to compromises being made, with half citing insufficient time to do risk assessments, 45% reporting an inability to maintain oversight, 38% that it led to misconfigured systems and 38% that it saw them unable to patch systems in a timely manner.

Recognising the need to break out of this cycle, some mid-sized organisations are now taking a different approach by looking to Managed Detection and Response (MDR). MDR can be used to enhance threat detection, investigation and incident response via a third party. A flexible service, it enables the business to outsource its threat detection and incident response (TDIR) to a greater or lesser extent depending on requirements, making it an ideal way of supplementing the shortfalls being created by current economic and staffing demands. So, an MDR team can work with the inhouse team to manage threat response or the function can be completely outsourced. 

MDR sees the provision of a SOC-like TDIR service with a team monitoring activity, carrying out continuous threat hunting and providing alerts, remediation and recovery advice in the event of an attack. These are performed via the combination of security tools, including Security Incident and Event Management (SIEM), Network Detection and Response (NDR), and Endpoint Detection and Response (EDR), with a team of analysts so that the service itself boasts automated detection together with human intelligence and analysis. This ensures that any suspicious activity on the network is detected and acted upon both from a technological and human perspective.

Futureproofing the business

Outsourcing TDIR also effectively future proofs the organisation against the need to invest in new solutions as the perpetual arms race of attacker versus defender continues to evolve. The emergence of AI-engineered attacks is going to require security teams to be able to detect and counter these attacks, with the NCSC warning that we can expect AI to increase the ransomware threat, for example, by using data to craft more convincing phishing and social engineering attacks. This means automated orchestration and response will become more important.

In addition, compliance demands are likely to become more onerous, with the mandation of risk management and security controls under NIS2 across Europe from October and in the form of the Cyber Security and Resilience Bill in the UK. Both will see mid and large sector organisations brought in scope that are deemed to be essential to the economy and aim to improve the reporting of incidents so that cyber threats can be more easily tracked and trends analysed by respective governments. 

Reporting obligations will increase, with NIS2 demanding essential entities disclose via an early warning within 24 hours of a material incident or 72 hours in the case of important entities. A formal disclosure must be made within 72 hours, and a full report within a month. As a result, mid-sized businesses will need reliable TDIR processes to be in place in order to be compliant, making MDR an attractive proposition that then allows the business to focus on core activities.

The shift towards MDR solutions signifies a fundamental change in how mid-market businesses will approach cybersecurity. Entrusting their detection and response to specialised experts in the form of Managed Security Service Providers (MSSPs) will enable these organisations to safeguard their critical assets and maintain customer trust by demonstrating their commitment to cybersecurity amidst challenging times. As a result, the MDR industry will experience significant growth as the mid-sized business sector seeks to navigate the intricate and ever-evolving landscape of cyber threats and regulations.