The results of the Hiscox Cyber Readiness Report are in, and it appears that seven of 10 organizations currently fail the cybersecurity readiness test.

That's not all: 69 percent of respondents currently see cyberthreats as the top risk to their organizations. Meanwhile, large businesses lose, on average, $1.05 million every year to cybercrime, while midsize businesses lose $578,762 in the same period, and small businesses lose $34,604.

So what does it all mean? For one thing, not nearly enough organizations are prepared to handle the onslaught of cybercrime, and the result is direct monetary harm – not including reputational damages, of course.

Secondly, organizations of all sizes need to be very careful about where they spend their next dollar on cybersecurity. It's promising that, according to the report, nearly 60 percent of respondents intend to increase security spending by 5 percent or more in the year ahead. Nevertheless, throwing money into "the latest and greatest" solutions or managed services won't necessarily yield the desired results.

Cybersecurity is a business problem, and like most business problems, the solution that organizations invest in should be deliberately chosen for its demonstrable ability to generate ROI over time.

More of the wrong technology is a recipe for disaster

The first thing any CISO should look at when considering security investments is the operational requirements tied to a given resource. In other words, how much additional time and effort will be required before you actually see value?

When it comes to cybersecurity, the rule of thumb has historically been that more tools means more time spent managing those tools.

For example, deploying a security information and event management (SIEM) system is obviously nonsensical if you lack the in-house security expertise needed to properly configure, tune, and manage it. Simple enough, right?

Consider what happens, though, as you integrate more solutions with your existing SIEM. The volume of log data continually increases, and it eventually risks reaching a point where there's just too much data, too many alerts and not enough security analysts to deal with them.

In fact, the infamous Target breach of 2013, which compromised 70 million customers' private data, only happened because the retailer missed internal alerts. Its $1 million anti-malware system worked, but the alert wasn't given the attention it needed.

And as anyone who's paid even an iota of attention to hiring trends already knows, the problem isn't as simple as just hiring a few more security analysts. These professionals are in low supply and high demand, and the annual asking price for their full-time service is high and getting higher.

So like we were saying: Be careful what you pay for. You need technology that will give you more value – one that, rather than demanding more of your existing security resources, helps you maximize their efficacy.

The right less, on the other hand, is a fast-track to ROI

First, we recommend investing in your people, and not just for the purposes of retaining your security analysts. So many attacks only occur because users are manipulated by phishing scams into taking certain actions that give hackers a way in. Taking time, perhaps just 30 minutes once or twice a month, to teach employees best security practices can go an incalculably long way toward improving security posture, and at almost no cost.

Next, you'll need to look at your next security investment from your analysts' point of view. They're already inundated with alerts, and that alone increases the risk of false negatives (aka misses) that can harm your organization. So how, then, do you make sure that the only alerts that reach your security analysts are the alerts that are worth their time and expertise?

That brings us to our second key recommendation: Deploy a security automation platform that deeply contextualizes log data to filter out false alarms, and self-improves based on human security analyst feedback. Not only does this make better use of your most valuable existing resource (human expertise), but it also gives you a security investment that appreciates in value.

The longer your security automation platform is in use, the better it gets at weeding out false alarms. The better it gets at weeding out false positives, the better it gets at bringing potential false negatives to the attention of your analysts. Over time, this results in self-sustaining, long-term ROI on your security spend – and holistically enhanced security posture, to boot.
