Maximizing cybersecurity ROI: A strategic approach
We are in a golden age for hackers, as cyber threats become both more sophisticated and more accessible. Attack volumes are on the rise, with the UK's NCSC stating that attacks were at an “all-time high”. This means that security leaders are under significant scrutiny to provide tangible, measurable outcomes and effective ROI for their investments.
However, achieving this has been difficult, given the extensive freedom and accessibility that threat actors enjoy today. The availability of advanced automated attack tools, accessible dark web marketplaces, the prevalence of Ransomware-as-a-Service (RaaS), and often support from nation-states have given threat actors an unprecedented ability to target any industry and business regardless of its size.
Most concerningly, whilst attackers are evolving their techniques and targeting a wider range of industries, their core process remains the same: gain initial access, move laterally, and find valuable assets. Most security teams already know these techniques. However, the continued succession of successful attacks indicates that organizations are not using their investments to their fullest potential.
With Gartner predicting $215 billion to be spent on security and risk management this year, the stakes have never been higher for CISOs, as immense pressure mounts to safeguard valuable assets while demonstrating the ROI of investments to the board. The answer lies not in the volume of spending, but in where it is targeted.
Senior Director of Cybersecurity Strategy & Research at Illumio.
Extending security strategies beyond traditional measures
Traditional security measures, while still foundational, no longer suffice. Threat actors can compromise any user account or device across the extended network ecosystem, live in the network for months, and laterally move from system to system. They also leverage automated attacks, employing bots to rapidly exploit vulnerabilities and disseminate malware.
So, organizations must look beyond endpoint protection and perimeter defenses, and instead shift their focus to strategies that prevent attackers from moving laterally within hybrid IT environments. The key lies in understanding and disrupting the pathways attackers use, from initial breach to data exfiltration.
However, the continuous expansion of hybrid IT environments, blending on-premises and cloud infrastructure, makes it hard for security teams to maintain visibility of all their assets. Unmonitored systems become both entry points and hiding places: threat actors exploit the gaps in visibility to dwell undetected for long periods and move laterally towards the resources they want.
So, prioritizing defenses solely on the perimeter won’t get you the best ROI. To increase resilience, organizations must prioritize investments in security measures that address lateral movement patterns within and across hybrid IT. It’s not just about blocking initial entry points but about creating a security posture that limits the attacker’s ability to explore and exploit the network.
Adopting an ‘assume attack’ mentality
Before spending their budgets, CISOs need to be strategic in aligning their investments with business objectives. It’s important to embrace the reality first: preventing every breach is no longer a realistic goal. Therefore, the focus must shift towards reducing the attack surface and effectively containing breaches when they occur.
This calls for an ‘assume attack’ mentality. By shifting to a mindset that expects and plans for cyber incidents, organizations can develop more resilient defense mechanisms. It involves recognizing that breaches are not a question of ‘if’ but ‘when’. This acknowledgement drives the development of strategies focused on rapid detection, response, and recovery.
A crucial aspect of this shift is changing the perception around planning for failure. Planning for cyber incidents shouldn’t be seen as admitting defeat but as a proactive measure to strengthen resilience. It’s about preparing to respond effectively, not expecting to fail.
The most direct way to put this mindset into practice is Zero Trust Segmentation (ZTS). Illumio's research has found that ZTS reduces the blast radius of an attack by up to 66 per cent, by breaking the network into many small segments and allowing only the traffic each segment actually needs. This lets security teams limit access and monitor the communication and traffic flows between segments. So, when an attacker gains unauthorized access, their movement is confined to that particular segment, thwarting lateral movement. Note that segmentation only delivers this containment if the policy between segments is default-deny; a segment boundary that still permits broad traffic merely relabels the flat network.
Moreover, the ROI of ZTS extends beyond immediate breach response. We found that organizations report up to 90 per cent savings in SecOps labor and substantial savings from tool consolidation, reaching up to $3 million. This strategic shift not only bolsters security but also supports business continuity, safeguarding against the disruptive effects of cyber incidents.
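The mechanism the two paragraphs above describe, a default-deny allowlist between labelled workloads that is also used to flag lateral-movement attempts in traffic records, can be made concrete with a small simulation. The following is an added illustration written for this article; it is not Illumio's code and not the article's own. The workload inventory, the labels (app/role/env), the two allow rules and the flow-log lines are all constructed, and the `blast_radius` function is an assumed way of measuring reachability, not a product metric.

```python
"""Label-based segmentation policy with default deny, evaluated over
constructed flow records and used to compute a compromised host's
blast radius. Added illustration, not Illumio's or the article's own
code; every workload, label, rule and log line below is made up.
"""
import re
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Workload:
    name: str
    app: str   # application the workload belongs to
    role: str  # tier within that application
    env: str   # lifecycle environment


@dataclass(frozen=True)
class Rule:
    """Allow src_role -> dst_role on port, only within one app and env."""
    src_role: str
    dst_role: str
    port: int


# Constructed inventory: two applications, one with a staging copy of its DB.
INVENTORY = {w.name: w for w in [
    Workload("web-1", "shop", "web", "prod"),
    Workload("web-2", "shop", "web", "prod"),
    Workload("api-1", "shop", "api", "prod"),
    Workload("db-1", "shop", "db", "prod"),
    Workload("db-stg", "shop", "db", "staging"),
    Workload("hr-web", "hr", "web", "prod"),
    Workload("hr-db", "hr", "db", "prod"),
]}

# Only the flows the application actually needs; everything else is denied.
POLICY = [
    Rule("web", "api", 8443),
    Rule("api", "db", 5432),
]


def is_allowed(src: str, dst: str, port: int, policy=POLICY) -> bool:
    """Default deny: a flow passes only if both endpoints are known,
    share app and env, and a rule matches their roles and the port."""
    s, d = INVENTORY.get(src), INVENTORY.get(dst)
    if s is None or d is None:        # unmanaged endpoint: never trusted
        return False
    if s.app != d.app or s.env != d.env:
        return False
    return any(r.src_role == s.role and r.dst_role == d.role and r.port == port
               for r in policy)


FLOW_RE = re.compile(r"^(\S+) (\S+) -> (\S+) :(\d+)$")

# Constructed flow log: "<timestamp> <src> -> <dst> :<port>".
FLOW_LOG = [
    "2024-06-01T10:00:01Z web-1 -> api-1 :8443",
    "2024-06-01T10:00:02Z web-1 -> db-1 :5432",
    "2024-06-01T10:00:03Z web-1 -> web-2 :445",
    "2024-06-01T10:00:04Z api-1 -> db-1 :5432",
    "2024-06-01T10:00:05Z api-1 -> db-stg :5432",
    "2024-06-01T10:00:06Z web-1 -> hr-db :5432",
    "2024-06-01T10:00:07Z web-1 -> 10.9.9.9 :22",
]


def triage(lines):
    """Return (timestamp, src, dst, port) for every flow the policy denies.
    Each one is either a misconfiguration or an attempted lateral move."""
    denied = []
    for line in lines:
        m = FLOW_RE.match(line)
        if not m:
            continue                  # malformed record: skip, don't guess
        ts, src, dst, port = m.group(1), m.group(2), m.group(3), int(m.group(4))
        if not is_allowed(src, dst, port):
            denied.append((ts, src, dst, port))
    return denied


def blast_radius(start: str, policy=POLICY) -> set:
    """Workloads reachable from a compromised `start` by chaining allowed
    flows. On a flat network this would be every other host."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for name in INVENTORY:
            if name in seen:
                continue
            if any(is_allowed(cur, name, r.port, policy) for r in policy):
                seen.add(name)
                queue.append(name)
    return seen - {start}


if __name__ == "__main__":
    for hit in triage(FLOW_LOG):
        print("DENIED", *hit)
    flat = len(INVENTORY) - 1
    print(f"web-1 compromised: {len(blast_radius('web-1'))} hosts reachable "
          f"under policy vs {flat} on a flat network")
```

Run as a script, it lists the five denied flows (web tier reaching straight for the database, web-to-web SMB, a cross-environment and a cross-application connection, and a connection to an unmanaged address) and reports that a compromised `web-1` can reach only `api-1` and `db-1` under the policy, against all six other hosts on a flat network. The two design choices worth copying are that unknown endpoints are denied rather than ignored, and that the denied-flow list is the same data a SecOps team would alert on, so the segmentation policy doubles as a lateral-movement detector.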
Addressing risks in ongoing cloud migration
Finally, enterprises also need to ensure their security strategies can keep up with the scope and complexity of their developing IT estates. Cloud migration presents fertile ground for threat actors.
Misconfigurations and shadow IT expand the attack surface, leaving cloud resources inadvertently exposed and providing easy access for attackers. The complexity of cloud infrastructure, combined with rapid deployment cycles, increases the likelihood of such vulnerabilities, making diligent configuration management and continuous security monitoring essential.
Most importantly, zero-day vulnerabilities in cloud platforms pose a persistent threat. Attackers can exploit these unknown vulnerabilities before vendors issue patches or fixes, leading to data breaches and system compromises. This is why it’s imperative for organizations to prioritize security investments as they expand their digital footprints.
Key to managing cloud-related risks is a thorough understanding of the cloud architecture and its security implications. Enterprises must assess their cloud environments for vulnerabilities, prioritizing the protection of sensitive data and critical operations. This involves implementing security controls tailored to the cloud, such as identity and access management (IAM) solutions, encryption, and endpoint security.
Furthermore, organizations need to monitor suspicious activities continuously, employing advanced threat detection tools that can adapt to the cloud’s fast-paced changes. This level of vigilance helps in early detection of potential breaches, allowing for swift action to mitigate risks.
Collaboration with cloud service providers (CSPs) enhances security outcomes. CSPs often offer built-in security features and best practices guidance. Leveraging these resources, in conjunction with a comprehensive security strategy, can significantly reduce the attack surface.
Ultimately, as digital footprints expand, organizations must keep security outcomes at the forefront of their planning and investment decisions. By understanding the unique challenges of cloud environments and adopting ZTS within the ‘assume attack’ framework, enterprises can achieve the best ROI from their investments.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro