Here’s a hint: Crossing your fingers won’t cut it. After you work with your board or senior management team to establish a cybersecurity regime, it’s essential to implement technology to execute the strategy.
Companies employing security intelligence systems were more efficient in detecting and containing cyber-attacks. By using Security Information and Event Management (SIEM), Network Security Platform with reputation feeds, and network intelligence systems, companies enjoy an average cost savings of $1.9 million when compared to companies that aren’t using these types of technologies, according to research from the Ponemon Institute.
Oftentimes, technology is very good at helping optimize one part of a strategy. Security intelligence systems, however, optimize virtually every single point in the cybersecurity cycle.
The points on the cybersecurity cycle are:
- Detection: Activities enabling organizations to identify and deter cyber-attacks or advanced threats. This includes overhead costs of certain technology solutions enhancing mitigation or early detection.
- Investigation and escalation: Activities thoroughly uncovering the source, scope, and magnitude of cybersecurity incidents. The escalation activity also includes the steps taken to organize an initial management response.
- Containment: Activities focusing on stopping or reducing the severity of cyber-attacks or advanced threats. These include shutting down high-risk attack vectors such as insecure applications or endpoints.
- Recovery: Activities associated with repairing organizations’ systems and core business processes. These include the restoration of damaged information assets and other IT assets, such as ones in the data center.
- Ex-post response: Activities helping organizations minimize potential future attacks. These include containing costs from business disruption and information loss as well as adding new enabling technologies and control systems.
Security intelligence systems saved companies money in every single point on the cycle except for the investigation and escalation point on the cybersecurity cycle. That makes sense, given you are spending more money using technology to understand the source, scope, and magnitude of the cyber attack.
What about all the other enabling security technologies out on the market? Should you just avoid those entirely?
Absolutely not. The majority of companies surveyed didn’t even use security intelligence systems (43 percent of companies). Other security technologies deployed include:
- Access governance systems: 50%
- Encryption technology: 44%
- GRC (Governance, Risk and Compliance) systems: 42%
- DLP (Data Loss Prevention) systems: 40%
- Advanced perimeter controls and firewall technologies: 39%
- Automated policy management systems: 26%
You can still realize significant savings using these other technologies. The average savings ranged from approximately $400,000 (policy management systems) to nearly $1.8 million (access governance tools).
It’s important to note technology on its own will not create a bulletproof cybersecurity regime. Technology enables a strategy; it isn’t the entire strategy. You have to create a plan and then find the right technology to execute the strategy. You still need to take a hard look at your processes and training your people as well.
It can be confusing to understand what to do (and what to purchase). We can help: Visit our website to learn how we protect against threats and provide a secure data and computing environment, supported by an incident response team of counter intelligence experts with guaranteed day-zero breach detection.
Written by Rob LaMear, CEO, US Cyber Vault
Once a month we share where we will be speaking in the world as well as expert opinions on cyber security, data loss prevention, and information security that we like from the larger community. Receive our next issue by signing up here.