A well-constructed and effectively integrated cyber security strategy is the unsung hero working wonders behind the scenes, ensuring that operations or systems in a business continue to run smoothly and without disruption, writes Martin Riley, Director of Managed Security Services at the security and risk consultancy Bridewell Consulting.
While security teams will be fully aware of the value that cyber security strategy can play in reducing risk from cyber-attacks, its lack of visible results may raise concerns among business leaders about its ability to provide a healthy ROI to the organisation.
Being able to demonstrate ROI is crucial when considering security’s impact on technology, people and processes across the entire organisation. So, with its validity potentially called into question, how best can you demonstrate the value of a cyber security investment?
Agree on the strategy and goals
Defining and agreeing on an effective cyber security strategy is one of the first ports of call for security teams. This must consider the business goals and strategy and work towards enabling these while mitigating risk. A defined and layered strategy will form the best protection against a potentially catastrophic cyber-attack. Numerous industry examples have revealed the importance of sufficient security measures to guard against bad actors, and the consequences of not doing so. One of the most notable is British Airways, which was fined £20m by the Information Commissioner’s Office in 2020 for failing to protect customers’ personal and credit card data. Or, most recently, Kaseya, who suffered a ransomware attack which triggered a cyber crisis for the company and its customers across the globe.
An effective cyber security strategy, with clearly defined goals and objectives, provides benefits beyond peace of mind against cyber-attacks, and demonstrating these will highlight its importance to other departments. For many companies, a sufficient cyber security posture is a prerequisite for business engagements, particularly with larger organisations or those that provide services to governments. By having watertight security credentials and robust processes, businesses can open up markets and revenue streams that were previously impossible to attain, proving the long-term ROI of a cyber investment.
Leverage the investment in technology
Leveraging a cyber security investment is a significant step to proving ROI to the wider organisation. There are tangible ways you can achieve this by driving greater efficiencies. One area that is commonly under the spotlight is reducing the time and human cost it takes to cut through the noise created by outdated technologies, especially under the umbrella of monitoring and response.
Outdated technologies are usually characterised by alerts that require professionals to interpret them and produce the appropriate response, consuming time and resources. However, developments in artificial intelligence now enable patterns and behaviours across technologies to be identified in real time, reducing unmanageable noise to a few understandable and actionable alerts.
Recent Managed Detection and Response (MDR) solutions drive greater efficiencies for businesses and represent a bigger opportunity for ROI value to be shared with the wider organisation. By combining artificial intelligence, automation and human analysis to detect and act on cyber threats, they can reduce cyber risk and the dwell time of breaches, enabling your team to focus its efforts on other crucial areas.
The most effective forms of MDR are those that utilise Extended Detection and Response (XDR) technologies. This enables detection and response capabilities across network, web and email, cloud, endpoint and, most crucially, identity, ensuring that regardless of the source of the attack, users, assets and data remain safeguarded. Choosing a solution that leverages existing investments in Microsoft 365 licensing can also enable consolidation among your security suppliers and reduce your overall security technology budget, all while increasing security coverage and visibility. Having separate solutions incurs significant costs, and consolidation under a carefully chosen MDR solution could easily enable over £100k a year in cost savings.
Last but certainly not least, it pays to consider an MDR solution that can be offered as part of a hybrid security operations centre (SOC). Many organisations currently utilise a SOC to manage their cyber security, and traditionally this would either be fully outsourced or run in-house. However, running a SOC in-house can pose difficulties in terms of the skills and people needed, while a completely outsourced SOC does not often align with your business’s objectives and culture.
Adopting a hybrid SOC approach leverages the skills of your in-house engineers and cyber security teams while also benefiting from the expertise of a managed security services provider (MSSP) to strengthen security posture. The MSSP can fill any gaps where in-house skills may not exist, such as threat hunting, threat intelligence, machine learning, analytics and developing security content, while also developing in-house expertise in a range of tools and techniques. However, as they will be operating as an extension of your team, it’s critical that there is cultural alignment to ensure both teams work towards shared goals.
Achieving board buy-in
Cyber-attack methods are only going to increase in sophistication, so it’s never been more important for your business to assess the risks and mitigate them with the right processes, technology and controls in place to safeguard operations. Adopting technologies such as MDR and ensuring clear communication channels are established will give wider departments visibility of the strategy’s value and its ROI.
Long-term ROI can also be realised through the ability of these solutions to drive digital transformation initiatives, helping businesses to face the developing digital economy with greater confidence. With these advantages established, you can put forward a compelling business case to the board to win support.