March 24, 2018 Hormazd Romer
The results of the Hiscox Cyber Readiness Report are in, and it appears that seven of 10 organizations currently fail the cybersecurity readiness test.
That's not all: 69 percent of respondents currently see cyberthreats as the top risk to their organizations. Meanwhile, large businesses lose, on average, $1.05 million every year to cybercrime, while midsize businesses lose $578,762 in the same period, and small businesses lose $34,604.
So what does it all mean? For one thing, not nearly enough organizations are prepared to handle the onslaught of cybercrime, and the result is direct monetary harm – not including reputational damages, of course.
Secondly, organizations of all sizes need to be very careful about where they spend their next dollar on cybersecurity. It's promising that, according to the report, nearly 60 percent of respondents intend to increase security spending by 5 percent or more in the year ahead. Nevertheless, throwing money into "the latest and greatest" solutions or managed services won't necessarily yield the desired results.
Cybersecurity is a business problem, and like most business problems, the solution that organizations invest in should be deliberately chosen for its demonstrable ability to generate ROI over time.
The first thing any CISO should look at when considering security investments is the operational requirements tied to a given resource. In other words, how much additional time and effort will be required before you actually see value?
When it comes to cybersecurity, the rule of thumb has historically been that more tools means more time spent managing those tools.
For example, deploying a security information and event management (SIEM) system is obviously nonsensical if you lack the in-house security expertise needed to properly configure, tune, and manage it. Simple enough, right?
Consider what happens, though, as you integrate more solutions with your existing SIEM. The amount of log flow data continually increases, and it eventually risks reaching a point where there's just too much data, too many alerts and not enough security analysts to deal with them.
In fact, the infamous Target breach of 2013, which compromised 70 million customers' private data, only happened because the retailer missed internal alerts. Its $1 million anti-malware system worked, but the alert wasn't given the attention it needed.
And as anyone who's paid even an iota of attention to hiring trends already knows, the problem isn't as simple as just hiring a few more security analysts. These professionals are in low supply and high demand, and the annual asking price for their full-time service is high and getting higher.
So like we were saying: Be careful what you pay for. You need technology that will give you more value – one that, rather than demanding more of your existing security resources, helps you maximize their efficacy.
First, we recommend investing in your people, and not just for the purposes of retaining your security analysts. So many attacks only occur because users are manipulated by phishing scams into taking certain actions that give hackers a way in. Taking time, perhaps just 30 minutes once or twice a month, to impart best security practices to employees can go an incalculably long way toward improving security posture, and at almost no cost.
Next, you'll need to look at your next security investment from your analysts' point of view. They're already inundated with alerts, and that alone increases the risk of false negatives (aka misses) that can harm your organization. So how, then, do you make sure that the only alerts that reach your security analysts are the alerts that are worth their time and expertise?
That brings us to our second key recommendation: Deploy a security automation platform that deeply contextualizes log data to filter out false alarms, and self-improves based on human security analyst feedback. Not only does this make better use of your most valuable existing resource (human expertise), but it also gives you a security investment that appreciates in value.
The longer your security automation platform is in use, the better it gets at weeding out false alarms. The better it gets at weeding out false positives, the better it gets at bringing potential false negatives to the attention of your analysts. Over time, this results in self-sustaining, long-term ROI on your security spend – and holistically enhanced security posture, to boot.