Cyber risk alert: 8 key takeaways for effective SOC and TPRM strategies
Experts weigh in on building resilient security programs in an evolving threat landscape.

600 million daily attacks. 258 days to identify and contain a breach. $4.88 million average breach cost in 2024. These numbers are the stark reality of today’s cybersecurity threat landscape, and they are growing: recent industry reports put the year-over-year increase in cyberattacks at over 38%.
But here’s what those statistics don’t tell you: The organizations that recover fastest, maintain operations under attack, and emerge stronger aren’t necessarily those with the most sophisticated tools. They’re the ones who have built true cyber resilience.
As experts, partners, and customers converged at the recent SHI & Stratascale Summit: Cybersecurity and AI, the insights were both alarming and compelling. The common denominator woven throughout our summit sessions and customer discussions? Cyber risk.
Cybersecurity threats are increasing not only in frequency but also in sophistication, and the security talent shortage is evident: there are not enough analysts and qualified practitioners to detect escalating risks, and more critical roles are open than can be filled. “Cybersecurity professionals are feeling this pressure, as 90% of respondents have one or more skills gaps on their cybersecurity teams,” found the 2024 ISC2 Cybersecurity Workforce Study.
Security operations (SecOps) teams continue to struggle, faced with alert fatigue, complexity of threats, misconfigured tools, and analyst turnover. But “just because it is, doesn’t mean that it has to be,” said Ricky Warrington, Stratascale Director – Managed Security Operations.
Organizations can build cyber resilience by modernizing the security operations center (SOC) and formalizing a robust third-party risk management (TPRM) program — creating systems that don’t just defend against attacks, but adapt, recover, and continue operating when incidents occur. These are two top-of-mind initiatives for CISOs today.
Power your modern SOC
A SOC is “a command center for monitoring the information systems that an enterprise uses for its IT infrastructure,” which may include websites, databases, servers, applications, networks, desktops, data centers, and endpoints. An effective SOC team monitors, detects, investigates, and responds to threats while safeguarding digital assets, including sensitive data and systems, according to Fortinet.
You understand the direct role your SOC plays in your security posture. How do you ensure its performance measures up? Here are four key takeaways to help power your modern SOC.
1. Traditional SOCs are reactive, but modern SOCs must be proactive.
Tackling an increasingly complex security environment starts with being brilliant at the basics, a concept discussed by Jordan Mauriello, SHI Chief Technology Officer. Traditional in-house monitoring, detection, and response, like managed detection and response (MDR) providers and managed SOCs, may provide 24/7/365 coverage with predefined escalation paths, initial triage, certain incident response capabilities, and some degree of automation and remediation. There are several challenges to consider, however: How will you manage low-fidelity alerts and high costs? How will you keep the complexity of the technology itself from becoming a barrier, and adapt as attack methods evolve?
Practical tip: Conduct a 30-day false positive audit right now. Track your top 10 alert types, identify which consistently lack actionable context, and either tune or disable the worst offenders. Most SOCs can reduce alert volume by 40-60% this way.
2. Taking a holistic, proactive approach to cybersecurity can support and drive your security program.
Resilient SOCs don’t just detect threats — they maintain operational capability even during major incidents and learn from every attack to strengthen future defenses. By integrating traditional monitoring capabilities with intelligence-driven threat prevention and control hardening, organizations gain heightened situational awareness alongside the ability to mitigate risks before they materialize. Stratascale’s modern SOC, enhanced with Critical Start’s MDR services, offers 24/7/365 monitoring, cyber threat intelligence, and incident response. Critical Start “combines human-driven expertise with AI-assisted precision to deliver comprehensive threat detection and response.”
Practical tip: Focus on metrics that actually drive behavior change: mean time to triage (MTTT, from alert creation to first analyst action) alongside mean time to detect (MTTD, from the underlying activity to the alert); alert-to-incident ratio (the share of alerts that escalate to confirmed incidents; aim for under 5%); and analyst utilization rate (time spent on real threats vs. false positives).
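As an added worked example (not code from the summit, Stratascale or Critical Start), the script below computes the figures the two practical tips above ask for over a constructed ten-alert sample: the false-positive rate per alert type for the 30-day audit, a tune-or-disable shortlist, MTTD, MTTT, alert-to-incident ratio and analyst utilization. The alert types, timestamps, verdicts and minutes are invented. The 80% false-positive threshold and the two-alert minimum sample are assumptions, included so that a rule that fired once is not disabled on a single data point.

```python
"""SOC alert-quality metrics computed over a constructed alert sample (added example)."""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from statistics import mean
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Alert:
    alert_type: str        # detection rule or analytic that fired
    event_at: datetime     # when the underlying activity happened (log timestamp)
    alerted_at: datetime   # when the SIEM/EDR raised the alert
    triaged_at: datetime   # when an analyst first acted on it
    verdict: str           # "true_positive", "false_positive" or "benign"
                           # ("benign": rule fired correctly on authorized activity)
    analyst_minutes: int   # hands-on analyst time the alert consumed


def _t(hour: int, minute: int = 0) -> datetime:
    """Constructed timestamps for the sample, all on one day."""
    return datetime(2025, 1, 6, hour, minute)


# Constructed sample queue: ten alerts across six alert types, skewed like a real one.
ALERTS = [
    Alert("Impossible travel", _t(8), _t(8, 5), _t(8, 40), "false_positive", 15),
    Alert("Impossible travel", _t(9), _t(9, 5), _t(9, 20), "false_positive", 10),
    Alert("Impossible travel", _t(10), _t(10, 5), _t(10, 15), "false_positive", 10),
    Alert("Brute force login", _t(8, 30), _t(8, 35), _t(9, 5), "false_positive", 20),
    Alert("Brute force login", _t(11), _t(11, 5), _t(11, 25), "false_positive", 20),
    Alert("Encoded PowerShell", _t(12), _t(12, 10), _t(12, 20), "true_positive", 60),
    Alert("Encoded PowerShell", _t(13), _t(13, 10), _t(13, 30), "false_positive", 15),
    Alert("New admin group member", _t(14), _t(14, 2), _t(14, 12), "benign", 10),
    Alert("EDR malware quarantine", _t(15), _t(15, 1), _t(15, 6), "true_positive", 45),
    Alert("DNS to newly registered domain", _t(16), _t(16, 30), _t(17), "false_positive", 10),
]


def false_positive_audit(alerts: List[Alert]) -> List[Tuple[str, int, int, float]]:
    """Per alert type: (type, total fired, false positives, FP rate), worst offenders first."""
    totals, fps = Counter(), Counter()
    for a in alerts:
        totals[a.alert_type] += 1
        if a.verdict == "false_positive":
            fps[a.alert_type] += 1
    rows = [(t, totals[t], fps[t], fps[t] / totals[t]) for t in totals]
    return sorted(rows, key=lambda r: (-r[2], -r[3], r[0]))


def tuning_candidates(alerts: List[Alert], min_alerts: int = 2, fp_threshold: float = 0.8) -> List[str]:
    """Types that fired often enough to judge and were almost always noise (assumed thresholds)."""
    return [t for t, total, _, rate in false_positive_audit(alerts)
            if total >= min_alerts and rate >= fp_threshold]


def _minutes(later: datetime, earlier: datetime) -> float:
    return (later - earlier).total_seconds() / 60


def mean_time_to_detect(alerts: List[Alert]) -> Optional[float]:
    """MTTD in minutes: activity to alert, over confirmed true positives only."""
    gaps = [_minutes(a.alerted_at, a.event_at) for a in alerts if a.verdict == "true_positive"]
    return mean(gaps) if gaps else None


def mean_time_to_triage(alerts: List[Alert]) -> float:
    """MTTT in minutes: alert to first analyst action, over every alert (noise costs time too)."""
    return mean([_minutes(a.triaged_at, a.alerted_at) for a in alerts])


def alert_to_incident_ratio(alerts: List[Alert]) -> float:
    """Share of alerts that became confirmed incidents."""
    return sum(a.verdict == "true_positive" for a in alerts) / len(alerts)


def analyst_utilization(alerts: List[Alert]) -> float:
    """Share of hands-on analyst minutes spent on real threats."""
    total = sum(a.analyst_minutes for a in alerts)
    real = sum(a.analyst_minutes for a in alerts if a.verdict == "true_positive")
    return real / total


if __name__ == "__main__":
    for alert_type, total, fp, rate in false_positive_audit(ALERTS):
        print(f"{alert_type:32} fired={total:2} fp={fp:2} fp_rate={rate:.0%}")
    print("tune or disable:", tuning_candidates(ALERTS))
    print(f"MTTD {mean_time_to_detect(ALERTS):.1f} min, MTTT {mean_time_to_triage(ALERTS):.1f} min")
    print(f"alert-to-incident {alert_to_incident_ratio(ALERTS):.0%}, "
          f"analyst utilization {analyst_utilization(ALERTS):.0%}")
```

In the sample, "DNS to newly registered domain" is 100% false positive but fired only once, so it stays off the tuning list; that is the point of the minimum-sample guard. Swap `ALERTS` for an export from your SIEM case queue and the same functions give you the audit.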
3. AI amplifies human intelligence — it doesn’t replace human judgment.
The introduction and mass adoption of AI have been both a benefit and a detriment to security professionals. AI alone is not enough, because of risks like hallucinations and false positives: an incorrect verdict can mean missing a true positive or automatically acting on a false positive. Important gaps and inconsistencies remain, and generic models lack the business context needed for nuanced security decisions.
Human validation is essential to ensure accuracy and reduce risk. With Stratascale and Critical Start’s layered approach, AI identifies known good behavior; anomalies are escalated to human analysts.
Practical tip: Create a “known good” baseline this week. Document 5-10 common legitimate activities in your environment (software updates, scheduled maintenance, backup processes) and create exception rules. This alone can cut false positives by 25%.
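The following is an added example, not Stratascale or Critical Start code, of how a “known good” exception rule can be written narrowly enough that it does not become cover for an attacker. The events, host names, the AcmeBackup vendor and its signer string are constructed. A rule keyed on process name alone suppresses every event carrying that name, including an unsigned copy in a user-writable directory spawned from Word; a rule that also pins path, signer, parent process and maintenance window suppresses only the legitimate runs.

```python
"""Known-good exception rules applied to constructed endpoint events (added example)."""
from dataclasses import dataclass
from datetime import datetime, time
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Event:
    event_id: str
    host: str
    process: str   # image file name as reported by the sensor
    path: str      # full image path
    signer: str    # code-signing subject the sensor validated; "" when unsigned
    parent: str    # parent process image name
    at: datetime


@dataclass(frozen=True)
class KnownGood:
    """One exception rule. Every field that is set must match; None means 'any'."""
    name: str
    process: str
    path_prefix: Optional[str] = None
    signer: Optional[str] = None
    parent: Optional[str] = None
    window: Optional[Tuple[time, time]] = None  # daily maintenance window, inclusive

    def matches(self, e: Event) -> bool:
        if e.process.lower() != self.process.lower():
            return False
        # Trailing backslash in the prefix keeps "AcmeBackup\" from matching "AcmeBackupX\".
        if self.path_prefix is not None and not e.path.lower().startswith(self.path_prefix.lower()):
            return False
        if self.signer is not None and e.signer != self.signer:
            return False
        if self.parent is not None and e.parent.lower() != self.parent.lower():
            return False
        if self.window is not None:
            start, end = self.window
            if not start <= e.at.time() <= end:
                return False
        return True


def _at(hour: int, minute: int = 0) -> datetime:
    return datetime(2025, 1, 6, hour, minute)  # constructed timestamps


# Constructed events: two legitimate scheduled jobs, one off-schedule run, two masquerades.
EVENTS = [
    Event("evt-1", "srv-db-01", "backup_agent.exe",
          "C:\\Program Files\\AcmeBackup\\backup_agent.exe", "Acme Backup Inc", "services.exe", _at(2, 15)),
    Event("evt-2", "ws-042", "backup_agent.exe",
          "C:\\Users\\Public\\backup_agent.exe", "", "powershell.exe", _at(2, 20)),
    Event("evt-3", "srv-db-01", "backup_agent.exe",
          "C:\\Program Files\\AcmeBackup\\backup_agent.exe", "Acme Backup Inc", "services.exe", _at(14, 0)),
    Event("evt-4", "ws-017", "msiexec.exe",
          "C:\\Windows\\System32\\msiexec.exe", "Microsoft Windows", "svchost.exe", _at(21, 30)),
    Event("evt-5", "ws-017", "msiexec.exe",
          "C:\\Users\\jdoe\\AppData\\Local\\Temp\\msiexec.exe", "", "winword.exe", _at(21, 35)),
]

# Narrow rules: name, install path, signer, expected parent and the scheduled window.
NARROW_RULES = [
    KnownGood("Nightly backup", "backup_agent.exe", path_prefix="C:\\Program Files\\AcmeBackup\\",
              signer="Acme Backup Inc", parent="services.exe", window=(time(1, 0), time(4, 0))),
    KnownGood("Patch window", "msiexec.exe", path_prefix="C:\\Windows\\System32\\",
              signer="Microsoft Windows", parent="svchost.exe", window=(time(20, 0), time(23, 0))),
]

# Naive rules: process name only. This is what "just whitelist the backup agent" produces.
NAIVE_RULES = [
    KnownGood("Backup agent (name only)", "backup_agent.exe"),
    KnownGood("Installer (name only)", "msiexec.exe"),
]


def triage(events: List[Event], rules: List[KnownGood]) -> Tuple[List[str], List[str]]:
    """Split events into (suppressed, escalated) ids by the first matching rule."""
    suppressed, escalated = [], []
    for e in events:
        hit = next((r.name for r in rules if r.matches(e)), None)
        (suppressed if hit else escalated).append(e.event_id)
    return suppressed, escalated


if __name__ == "__main__":
    print("narrow rules:", triage(EVENTS, NARROW_RULES))
    print("naive rules: ", triage(EVENTS, NAIVE_RULES))
```

The off-schedule run (evt-3) is escalated by the narrow rules on purpose: an authorized job running outside its window is exactly the kind of event an analyst should see once, then either widen the window or document the ad hoc run. The signer match is only as good as the sensor's signature validation; a string copied from a certificate is not proof on its own.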
4. Lack of integrated architecture creates gaps in your defenses.
Attackers use these gaps to penetrate systems and move between them. Modern SOCs must integrate endpoint, identity, and application protection. Expert insights from Critical Start, Sumo Logic, and Tines emphasized the need for seamless integration and automation to reduce false positives and analyst burnout.
Stephen Christiansen, Stratascale Principal Security Consultant, and Drew Nicholas, Microsoft Director of Security, delved into the importance of modern threat protection that is “secure by design.” Verify explicitly and prioritize chokepoints or entry points that have the most exposure; look at levels of risk across your users, data, and network. Taking an “assume breach” mentality, discover and define who has access to sensitive information.
Evaluate your TPRM program
Managing risk is essential to your security posture, especially as working with external vendors and service providers expands your attack surface.
While third parties can help you increase efficiency, accelerate growth, and gain competitive advantages, they can also increase your risk. Any disruption in the third-party network could cause both short-term and long-term damage — a precarious position for any organization. A resilient TPRM program doesn’t just assess vendor risk; it ensures your organization can rapidly adapt when third-party incidents occur, maintaining business continuity while containing exposure.
Practical tip: Start with a 15-minute vendor risk assessment using this simple formula: Score each vendor on data access (1-5) × business criticality (1-5) × regulatory exposure (1-5). Any vendor scoring above 75 needs immediate attention.
“TPRM is a critical component of a broader cybersecurity strategy because it acknowledges that no organization operates in isolation,” according to Rapid7. “By proactively managing third-party risks, organizations can reduce exposures to potential threats and safeguard their reputations.”
Dennis Allen, Stratascale Director of Security Programs – Strategy and Risk, and Olu Balogun, Stratascale Integrated Risk Management and Compliance Analyst, discussed the components of effective TPRM, including:
- Clear protocols for ongoing third-party risk management and monitoring.
- Thorough due diligence on all third-party entities.
- Validation of third-party inventory list(s), along with both internal and external contact(s).
- Collaboration with internal stakeholders to align third-party activities with organizational objectives.
Practical tip: Verify you have 24/7 incident contact information for your top 20 critical vendors. Create a simple spreadsheet with vendor name, primary contact, after-hours number, and last verification date. Update this quarterly.
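An added example (not the Stratascale TPRM process or a Prevalent feature) that applies the scoring formula from the vendor-assessment tip above and the quarterly contact check from the tip just above to a constructed vendor register. Vendor names, scores, contacts and dates are invented; the amber floor of 27 (3 × 3 × 3) is an assumption, since the article only fixes the red line at 75. One caveat the formula hides: because the score is a product, a vendor with full data access can still score 75 or below when its regulatory factor is low, so the example also flags any vendor that scores the maximum 5 on a single factor.

```python
"""Vendor risk scoring, tiering and incident-contact verification (added example)."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Vendor:
    name: str
    data_access: int               # 1-5: volume and sensitivity of our data the vendor handles
    criticality: int               # 1-5: operational impact if the vendor fails
    regulatory: int                # 1-5: regulatory exposure the relationship creates
    primary_contact: str
    after_hours: str               # "" when we hold no 24/7 number
    last_verified: Optional[date]  # when the contact details were last confirmed

    def __post_init__(self):
        for f in (self.data_access, self.criticality, self.regulatory):
            if not 1 <= f <= 5:
                raise ValueError(f"{self.name}: factors must be 1-5, got {f}")


# Constructed register. PayrollPro is the case the product hides: 5 x 5 x 3 = 75, not "above 75".
VENDORS = [
    Vendor("CloudERP Co", 5, 5, 4, "soc@clouderp.example", "+1-555-0100", date(2024, 11, 15)),
    Vendor("PayrollPro", 5, 5, 3, "security@payrollpro.example", "+1-555-0101", date(2024, 6, 1)),
    Vendor("OfficeSnacks", 1, 2, 1, "hello@officesnacks.example", "", None),
    Vendor("LogisticsHub", 3, 4, 3, "it@logisticshub.example", "+1-555-0102", date(2025, 1, 2)),
]


def inherent_risk(v: Vendor) -> int:
    """Article formula: data access x criticality x regulatory exposure, range 1-125."""
    return v.data_access * v.criticality * v.regulatory


def tier(score: int) -> str:
    """Red above 75 per the article; the amber floor of 27 (3x3x3) is an assumption."""
    if score > 75:
        return "red"
    if score >= 27:
        return "amber"
    return "green"


def needs_attention(v: Vendor) -> bool:
    """Article threshold plus a guard: any factor at the maximum 5 gets a human look."""
    return inherent_risk(v) > 75 or max(v.data_access, v.criticality, v.regulatory) == 5


def critical_vendors(vendors: List[Vendor], n: int = 20) -> List[Vendor]:
    """Top-n vendors by inherent risk: the set whose contacts are verified quarterly."""
    return sorted(vendors, key=inherent_risk, reverse=True)[:n]


def contact_gaps(vendors: List[Vendor], today: date, max_age_days: int = 90) -> Dict[str, List[str]]:
    """Vendors whose incident-contact record is incomplete or older than a quarter."""
    gaps: Dict[str, List[str]] = {}
    for v in vendors:
        reasons = []
        if not v.after_hours:
            reasons.append("no after-hours number")
        if v.last_verified is None:
            reasons.append("never verified")
        elif (today - v.last_verified).days > max_age_days:
            reasons.append(f"last verified {(today - v.last_verified).days} days ago")
        if reasons:
            gaps[v.name] = reasons
    return gaps


if __name__ == "__main__":
    for v in critical_vendors(VENDORS):
        score = inherent_risk(v)
        flag = " <- attention" if needs_attention(v) else ""
        print(f"{v.name:14} score={score:3} tier={tier(score):5}{flag}")
    for name, reasons in contact_gaps(VENDORS, date(2025, 1, 31)).items():
        print(f"contact gap: {name}: {', '.join(reasons)}")
```

Run against the constructed register, the strict "above 75" rule turns up only CloudERP Co; the single-factor guard adds PayrollPro, which holds the same volume of sensitive data. The contact check is deliberately boring: a missing after-hours number or a verification date older than 90 days is all it takes to fail it, and those are the two things that go wrong when a vendor breach lands at 2 a.m.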
Effective TPRM also means defining assessment tiers and following a defined process; the Stratascale TPRM process covers assessment requests, risk management, profiling, monitoring, and offboarding. For instance, the procurement team asks a series of questions to determine the vendor’s risk level, using tools like the SIG Lite Tier 1 assessment. Thorough decision-making brings multiple stakeholders to the table, including cybersecurity, legal, procurement, business leaders, and risk management.
Here are four essential metrics for evaluating and improving your TPRM performance.
- Vendor risk tier distribution: Our TPRM model classifies vendors into red, amber, and green tiers using tools like Mitratech’s Prevalent dashboard for risk visibility, featuring SLA and performance management, inherent risk scoring, quick onboarding, and more. Other leading tools include OneTrust and ServiceNow.
- Assessment completion rate: Stratascale’s TPRM lifecycle includes standardized assessments from request to offboarding, ensuring consistent evaluation of third-party risks.
- Time to risk identification: Early detection of vendor risks is critical. The Prevalent dashboard can provide security incident notifications before vendors alert affected parties.
- Third-party incident response readiness: We integrate incident response capabilities with SHI One Labs on Demand and contract management to boost readiness in the event of a third-party breach.
Practical tip: Conduct a weekly 15-minute security hygiene check. Review privileged access for any departed employees, spot-check three random vendor access logs, and verify backup completion for your most critical systems. Set a recurring calendar reminder.
Build “antifragile” cyber resilience
“Resilient by design” was the recurring and intentional theme of the SHI and Stratascale Summit, for good reason. True cyber resilience isn’t just about preventing attacks; it’s about building systems and processes that adapt, learn, and emerge stronger from every incident. With the threat landscape evolving at an unprecedented rate, AI is emerging as both an essential defense tool and a sophisticated weapon, and security programs and professionals are facing more alerts, complex risks, and high turnover. But resilient organizations view these challenges as opportunities to strengthen their defensive posture and operational capabilities.
By evaluating, enhancing, and modernizing your SOC and TPRM programs, you’re not just building better security; you’re creating organizational “antifragility” that turns cyber adversity into competitive advantage. Consider engaging SHI and Stratascale for a deeper look into your cybersecurity. We have a wealth of security and AI resources, tools, and expertise to help you get started:
- Security Posture Review (SPR): Our experts assess your security landscape, risks, and your organization’s ability to maintain operations during incidents. We present a map of all your toolsets and any gaps, analyze your environment, and provide maturity scoring and actionable recommendations.
- SHI One and Labs on Demand: Leverage our unified platform to view, manage, and optimize your IT assets, cloud environments, and managed services, including hands-on tool testing, roadmaps, and labs.
- AI & Cyber Labs: Test, build, and deploy AI and cybersecurity solutions in a safe, scalable, and cutting-edge environment, without the risk.
Take the crucial steps to build cyber resilience that doesn’t just survive attacks but learns and adapts from them — the threat landscape demands it, and that starts with resilient security operations and risk management. Partner with our experts to improve your security programs with actionable strategies for the year ahead.