
Cybersecurity Success is all about Speed







In a world measured by success, it may seem counterintuitive to make the bold statement that, when it comes to cybersecurity, failing less is what should be striven for.

Intrusions will happen, and the job of cyber defense is to keep a bad situation from getting worse.

We all acknowledge the current reality: “it’s not a matter of if an organization will get attacked, but rather when.” Nuanced success in cybersecurity, therefore, is “bad things can and will happen, but it could always be worse.”

Avoiding the worst-case scenario is the goal for defenders. This premise may not be the most aspirational on the surface, but it’s something every cybersecurity professional MUST accept.

Any time a defender can reduce risk or stop the bleeding before an incident becomes a festering wound is a good day in cybersecurity.

Highly sophisticated cybercriminals or nation-state attackers with effectively limitless resources only need to get it right ONCE to get through security or controls.

As such, speed (not the movie from 30 or so years ago) is ultimately the secret sauce. That’s how you prevent an incident from becoming a breach. You’ve got to move faster than the adversary.

In our view, how a business allocates resources and prioritizes security throughout the organization plays a significant role in achieving incremental success as it relates to the bottom line. And that starts at the top.
Consider what the CEOs of both Microsoft and Boeing have said recently after their security was called into question.

Successful security leaders can inextricably link their department’s efforts and investments to business outcomes. Demonstrating how security investments contribute to revenue in a way that resonates with fellow executives is critical.
The pressure to prove cybersecurity is a profit center rather than a cost center is mounting as CISOs move up the organization chart and security budgets continue to rise as others are cut.

Global spending on security and risk management is projected to reach $210 billion in 2024, a 13% increase from 2023, according to Gartner’s latest forecast on the sector. And Gartner expects global security spending to increase almost 13% in 2025, too, nearing $237 billion.

The crux for security leaders and defenders at large is to validate how and where those costs translate to valuable benefits for the business.
The share of technology funds allocated to cybersecurity is also growing. Organizations said they devoted 8% of their technology budgets to cybersecurity in 2023, up from 5% in 2019, according to Moody’s 2023 cyber survey.

Maintaining a comprehensive and appropriate security posture that meets customer demands and cyber insurance requirements is paramount. As I posted on social media back in April, 80% of businesses that suffered a cyberattack weren’t fully covered under their cyber insurance policy. On average, each insurance gap left more than 75% of a breach uncovered. The research, which analyzed 101 breaches across various sectors, revealed an average of $27.3 million in uncovered losses per incident.

According to Forrester, security leaders can also use regulatory compliance to their advantage by calculating how much it costs to meet cross-regulatory requirements and how much revenue is generated from each vertical, region or market segment those rules satisfy.

One of the tenets of business is: don’t spend anything that you don’t absolutely have to until you need it. So when security leaders push leadership to spend more money and time on defense, they MUST clearly articulate to executives whether the need is urgent and worth the investment, or whether a halfway measure might be sufficient in that moment.

There are no simple answers for defining or measuring success in cybersecurity, and it largely depends on each business. In plain terms, it can be defined as the absence of a surprise. If something bad happens that comes out of left field and feels like something that should have been known about, that is what management should be upset by.
Another key metric is an organization’s time to respond – how long it takes the enterprise to identify the full extent of an intrusion, boot the attacker from the environment and do root-cause analysis to determine how the attacker broke into the system.

Dwell times for intrusion detections declined last year to their lowest level in a decade, sliding to a median of 10 days in 2023 compared to 16 days in 2022. https://www.techtarget.com/searchsecurity/news/366581738/Mandiant-Attacker-dwell-time-down-ransomware-up-in-2023

If YOU can identify, scope, triage and eject the adversary before they’ve been able to escape and break out, YOU still won because the adversary hasn’t achieved their objective.

The clean-up work after an attack is of equivalent importance. Once the point of intrusion is identified, organizations must address it quickly to keep attackers from coming back in to initiate follow-on attacks.

Cybersecurity is about risk. Our view is if you can minimize the probability and minimize the impact, you’re doing a pretty good job.

Which security model aligns with your organization?
 
Unsure, or want a FREE second opinion? That’s our role for you!

Richard Freiberg
Profitability Consultant
Richard Freiberg CPA PC
Phone (980)339-3352
Cell (914)393-0033
www.rmfreibergcpa.com

Providing valuable counsel to help boost your company’s bottom line, while navigating competitive forces, industry, and economic risks in today’s challenging environment
 
 


Copyright © 2024 Richard Freiberg CPA PC, All rights reserved.



Comments from the Peanut Gallery

4 thoughts on “Cybersecurity Success is all about Speed”

  1. Cybersecurity is indeed a complex issue where speed can make all the difference. Organizations must prioritize rapid response to minimize damage. The focus on aligning security investments with business outcomes is crucial. Adapting to the evolving landscape is essential for maintaining a strong defense against cyber threats.

  2. Cybersecurity’s speed parallels quick decisions in medicine.

  3. Cybersecurity is super important! Staying safe online is fun!
