Maximizing cybersecurity ROI: A strategic approach

We are in the golden age for hackers, as cyber threats are becoming both sophisticated and more accessible. Attack volumes are on the rise, with the NCSC even stating that attacks were at an “all-time high”. This means that security leaders are under significant scrutiny to provide tangible, measurable outcomes and effective ROI for their investments.

However, achieving this has been difficult, given the extensive freedom and accessibility that threat actors enjoy today. The availability of advanced automated attack tools, accessible dark web marketplaces, the prevalence of Ransomware-as-a-Service (RaaS), and often support from nation-states have given threat actors an unprecedented ability to target any industry and business regardless of its size.

Most concerningly, whilst attackers are evolving their techniques and targeting wider industries, their core process remains the same: gain initial access, leverage lateral movement, and find valuable assets. Most security teams are already aware of these malicious techniques. However, the continued succession of attacks indicate that organizations are not utilizing their investments to its fullest potential.

With Gartner predicting $215 billion to be spent in security and risk management this year, the stakes have never been higher for CISOs. As immense pressure mounts to safeguard valuable assets while demonstrating the ROI of investments to the board. The answer lies not in the volume of spending, but rather where it is targeted.

Senior Director of Cybersecurity Strategy & Research at Illumio.

Extending security strategies beyond traditional measures

Traditional security measures, while still foundational, no longer suffice. Threat actors can compromise any user account or device across the extended network ecosystem, live in the network for months, and laterally move from system to system. They also leverage automated attacks, employing bots to rapidly exploit vulnerabilities and disseminate malware.

So, organizations must look beyond endpoint protection and perimeter defenses, and instead shift their focus to strategies that prevent attackers from moving laterally within hybrid IT environments. The key lies in understanding and disrupting the pathways attackers exploit, from initial breaches to data extraction.

However, the continuous expansion of hybrid IT environments, blending on-premises and cloud infrastructures, presents unique challenges for security teams to maintain the visibility of all their assets. Ultimately, these systems become potential entry points for threat actors as they leverage the obscured visibility to live in the system for a long time and laterally move towards their desired resources.

So, prioritizing defenses solely on the perimeter won’t get you the best ROI. To increase resilience, organizations must prioritize investments in security measures that address lateral movement patterns within and across hybrid IT. It’s not just about blocking initial entry points but about creating a security posture that limits the attacker’s ability to explore and exploit the network.

Adopting an ‘assume attack’ mentality

Before spending their budgets, CISOs need to be strategic in aligning their investments with business objectives. It’s important to embrace the reality first – aiming to prevent a breach is not a realistic goal anymore. Therefore, the focus must shift towards limiting the attack surface and effectively containing the breaches when they occur.

This calls for an ‘assume attack’ mentality. By shifting to a mindset that expects and plans for cyber incidents, organizations can develop more resilient defense mechanisms. It involves recognizing that breaches are not a question of ‘if’ but ‘when’. This acknowledgement drives the development of strategies focused on rapid detection, response, and recovery.

A crucial aspect of this shift is changing the perception around planning for failure. Planning for cyber incidents shouldn’t be seen as admitting defeat but as a proactive measure to strengthen resilience. It’s about preparing to respond effectively, not expecting to fail.

The best way to achieve this new mindset is through the implementation of Zero Trust Segmentation (ZTS) solutions. ZTS reduces the blast radius of any attack by up to 66 per cent, by breaking up the network into multiple small segments. This helps security teams to limit user access and monitor communication and traffic flow between different network segments. So, when unauthorized access occurs, the user’s movement is confined to that particular network segment, thereby thwarting lateral movement.

Moreover, ZTS extends its ROI beyond immediate breach response. We found that organizations report up to 90 per cent savings in SecOps labor and substantial reductions in tool consolidation costs, reaching up to $3 million in savings. This strategic shift not just bolsters security but also supports business continuity, safeguarding against the disruptive effects of cyber incidents.

Addressing risks in ongoing cloud migration

Finally, enterprises also need to ensure their security strategies can keep up with the scope and complexity of their developing IT estates. Cloud migration presents fertile ground for threat actors.

Misconfigurations and shadow IT expand the attack surface, leaving cloud resources inadvertently exposed and providing easy access for attackers. The complexity of cloud infrastructure, combined with rapid deployment cycles, increases the likelihood of such vulnerabilities, making diligent configuration management and continuous security monitoring essential.

Most importantly, zero-day vulnerabilities in cloud platforms pose a persistent threat. Attackers can exploit these unknown vulnerabilities before vendors issue patches or fixes, leading to data breaches and system compromises. This is why it’s imperative for organizations to prioritize security investments as they expand their digital footprints.

Key to managing cloud-related risks is a thorough understanding of the cloud architecture and its security implications. Enterprises must assess their cloud environments for vulnerabilities, prioritizing the protection of sensitive data and critical operations. This involves implementing security controls tailored to the cloud, such as identity and access management (IAM) solutions, encryption, and endpoint security.

Furthermore, organizations need to monitor suspicious activities continuously, employing advanced threat detection tools that can adapt to the cloud’s fast-paced changes. This level of vigilance helps in early detection of potential breaches, allowing for swift action to mitigate risks.

Collaboration with cloud service providers (CSPs) enhances security outcomes. CSPs often offer built-in security features and best practices guidance. Leveraging these resources, in conjunction with a comprehensive security strategy, can significantly reduce the attack surface.

Ultimately, as digital footprints expand, organisations must keep security outcomes at the forefront of their planning and investment decisions. By understanding the unique challenges of cloud environments and adopting ZTS within the ‘assume attack’ framework, enterprises can achieve the best ROI from their investments.

We’ve featured the best ransomware protection.

This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here:


We are in the golden age for hackers, as cyber threats are becoming both sophisticated and more accessible. Attack volumes are on the rise, with the NCSC even stating that attacks were at an “all-time high”. This means that security leaders are under significant scrutiny to provide tangible, measurable outcomes…

Leave a Reply

Your email address will not be published. Required fields are marked *