Think Process not Procurement for Better Cybersecurity ROI, Karen O’Connor, General Manager, ICT Services and Solutions at Datapac

Guest article by Karen O’Connor, General Manager, ICT Services and Solutions at Datapac

The decision to invest in cybersecurity can often be difficult to reconcile at the business level. As a non-revenue generating cost, it can be challenging to advocate for, especially with so many conflicting demands on organisational resource. While organisations are increasing their investment in IT infrastructure, a blind spot emerges when it comes to the poor relation that is cybersecurity. A strategic approach guided by a critical eye needs to be taken. Rather than engaging in a broad box-ticking exercise, organisations need to analyse the actual processes involved that are required to deliver on specific cybersecurity objectives. They need to engage with scalable solutions that offer a flexible approach; leveraging technology synergies between products to deliver a best-fit solution on cybersecurity objectives.

This shift in perspective should lead to cybersecurity being viewed not as a cost, but as a critical investment underpinning the protection of an organisation’s key systems, data and reputation. Any investment choice taken by a business needs to be justified and capable of delivering a demonstrable Return on Investment (ROI). This Cybersecurity Awareness Month, a useful way to help conceptualise ROI on cybersecurity investments is by examining how each additional security asset can aid in breaking a link in the Cyber Kill Chain.

Breaking the chain

The Cyber Kill Chain describes the typical stages involved in a successful digital attack. An attack will usually start with some form of reconnaissance and move down through the chain in stages, ultimately ending with malicious actions against the compromised organisation. The earlier in the chain an attack can be disrupted, the less damage will be done to the affected organisation. By aligning defences with the processes involved in breaking the links in the chain, an organisation can be confident it is investing in security products that can directly disrupt an attack and minimise harm. Cybersecurity needs to be implemented in a layered approach to counteract advanced modern attacks.

By aligning investments in cybersecurity products to breaking a link in the Cyber Kill Chain, an organisation can gain clear visibility into how each asset is making a difference in securing the business ROI in relation to cybersecurity, which can be difficult to quantify in tangible financial terms. Instead, the ROI should be examined in terms of reducing the digital risk to an organisation which will ultimately enable business operations to continue. To add to this, GDPR regulation demands that due care and diligence are exercised when protecting Personally Identifiable Information (PII). A glaring weakness in cyber defences that exposes PII could result in heavy financial penalties.

Strategic investment is key

In the Cyber Kill Chain, the delivery stage is largely considered the most critical point in stopping an attack. Investing in quality security products at this stage will prevent malware from infiltrating an organisation and greatly decreases the amount of remediation work required. It is widely recognised that around 90% of all cyberattacks begin with a malicious email. Through strategically examining the processes involved in breaking this link, an organisation could logically arrive at the conclusion that investing in an email filtering product coupled with user awareness training can reduce the attack surface very significantly and slam the door shut at the deliver stage. An advanced next-gen firewall and endpoint protection product with built-in anti-ransomware capabilities can break many links in the chain. When considering where an organisation should spend its cybersecurity budget, investing in the latest and best-in-class firewall and endpoint solutions is a great start and will ensure the best kill chain disruption ROI.

Navigating borderless networks

While prevention remains a critical component in any defence strategy, detection and sharing of information between security products is rapidly growing in importance. Over the past 18 months, businesses have had to contend with a relatively new challenge: borderless networks. When once an organisation only had to contend with delivering security to devices directly connected to the on-premises network, the ongoing hybrid work approach extends the perimeter to anywhere a device enters the network.

To combat this challenge, many organisations are striving towards the concept of zero-trust; a security process where nobody is trusted by default, requiring verification and authorisation of all users and devices to gain access to the network. By engaging in a strategic, business-led approach, an organisation could begin to identify the security products needed to support the implementation of this business-led ideology. In this scenario, the need may be identified for a firewall and endpoint solution which will leverage synergies by sharing information and taking swift automated action on any device that has known malicious indicators of compromise.

There is no silver bullet to solve all of an organisation’s cybersecurity headaches. Always assume the network has been compromised and by using the Cyber Kill Chain as a reference, a company can implement an in-depth defence strategy to better secure the organisation and ensure meaningful return on investment.

See more stories here.