Short one on ROI in Cybersec – it’s about what you can show.

Home / News / Short one on ROI in Cybersec – it’s about what you can show.

The clear visible desired state is a valid starting point if IT Security strategy (and every strategy to be frank). The problem is the perception of security and the spending on it. As William Webster (member of the Homeland Security Adviosry board) said, “Security is always too much to this day is not enough.

During conversations with our Clients, we confirmed that taking minimizing and management of risk (financial sector is best at this) as foundation for IT security strategy is the best approach. The goal – despite different different budgets and maturity levels – is the same.

And how to manage the risk? By making threats visible.

  1. By controlling where the data lies or actual data – access to it, operations and transfering
  2. By implementing resource management (devices, data sources, identity, accounts).
  3. By implementing new structures such as Zero-Trust or Extended-Detection & Response.

To be on safe side during the Board meetings you need to be aligned with you key metrics connected to above and security in general.  Those can take many forms.

  • More reactive, like the number of incidents by type is certain period, mean time to react (to incident)  (MTTR), mean time to detect (MTTD), break-in attempts, and the number of unidentified devices on the network.
  • „Proactive” ones for checkpoints of learning level and vulnerability exposure & mitigation. Examples can be phishing test success rate, security awareness test results, average days to introduce patches, percentage of fully updated devices in network or percentage of incidents reported by business personel.

Too often we fall into the problem of a “shiny object” in which you want to see that everything will be done the way we want it to – including technological products. Rarely, the product only by itself can be a 100% return on investment. The effect is the quality of the tool + the effectiveness of the people who use it.

If the security leaders focus on providing visibility and reporting what their teams can unravel – they can prove to the Board that their organization can quickly detect threats and react to them. Which assures business continuity.

Remember – anydata is always better than none. Your task is to outperform alternative (which often is not data & visibility at all).

Related articles

Alert (AA22-110A) - How to Deal with russian APT
Do you remember the times with safe internet? So... 3 times a charm of attacking WWW users.
MalOps by Cybereason - Capture malicious processes, not alerts
Please be advised that our website is using cookies for marketing, statistical and functional reasons. In order to optimize the content on our website and to adapt them to your individual needs, we use informations saved using cookies on users’ end devices. Cookies can be controlled by the user through the settings of their web browser. By contiuning to use our website without changing your web browser settings, you are accepting the use of cookies.
I accept More info