
Solving Cyber Risk

From Solving Cyber Risk. Andrew Coburn, Éireann Leverett, Gordon Woo. Page 269-270.

Cost Effective Technologies

The Ponemon Institute published an anonymized survey of a sample of 1254 large organisations spread across a broad range of 15 industries [1].

Information was gathered on corporate expenditure on cyber security technologies, as well as the costs of cyber-crime.

These are the costs to detect, recover, investigate and manage the incident response. Also covered were the costs that result in clean-up activities and efforts to reduce business disruption and the loss of customers. From this survey the following five technologies emerged as the most cost effective. In order of decreasing returns on investment they are listed as follows:

    1. Security intelligence systems make use of approved white lists and blacklists, provide a baseline of known and authorized applications and processes on the network and their attributes, support work flow and remediation, and report when unauthorized systems are detected.
    2. Advanced identity and access governance help protect access to applications and resources enabling additional levels of validation such as multi-factor authentication and conditional access policies. Monitoring suspicious activity through advanced security reporting, auditing, and alerting helps mitigate potential security problems.
    3. Automation, orchestration and machine learning enable users to gain efficiencies across their hybrid environments and provide operators and analysts with intelligent decision support, further increasing productivity.
    4. Extensive use of cyber analytics and user behaviour analytics facilitates the tracking, collecting, and assessing of user data and activities using monitoring systems. They analyse historical data logs to identify patterns of traffic caused by user behaviour, both normal and malicious, and provide security teams with actionable insights.
    5. Advanced perimeter controls are desirable because the perimeter is becoming fuzzy. Any sort of computing device may become part of the perimeter itself and many of these devices are mobile. The network perimeter has become a dynamic, changing barrier. The systems that interact with the network perimeter make this network dynamic.

Apart from these five technologies, lesser returns on investment are obtained from:

    1. The extensive deployment of encryption technologies
    2. The extensive use of data loss prevention
    3. Enterprise deployment of governance, risk and compliance
    4. Automated policy management

These rankings by return on investment may be compared with rankings by actual corporate expenditure.

The technology rankings by actual expenditure are [1]:

  1. Advanced perimeter controls
  2. Advanced identity and access governance
  3. The extensive use of data loss prevention
  4. The extensive deployment of encryption technologies
  5. Enterprise deployment of governance, risk and compliance
  6. Automation, orchestration and machine learning
  7. Security intelligence systems
  8. Automated policy management
  9. Extensive use of cyber analytics and user behaviour analytics

The results may be a surprise to many of those who make cyber security investment decisions. It turns out that there are significant differences in rankings. Most money was spent on advanced perimeter controls which are ranked fifth in terms of cost effectiveness. Most cost-effective were security intelligence systems, which are seventh in expenditure.

Reference: 1. Ponemon Institute. Cost of Cyber Crime Study: Insights on security investments that make a difference. Accenture report; 2017.