The author
I love to get stuck in and let the creative juices flow. My strengths lie in idea generation, development and execution. Over 5 years' experience in B2B cybersecurity. I reign supreme when my imagination and creativity can run wild.
How Threat Intelligence Drives Efficiency in an Economic Downturn
Once upon a time, organizations saw cybersecurity as a technical challenge that affected just technical stakeholders.
Those days are over. Security has become a business problem. Aware of the danger that cyberattacks pose to business revenue and reputation, executives and boards are focusing more extensively on ensuring that their IT organizations are handling security risks, which means CISOs face more pressure than ever. The typical CISO “was already tired through the pandemic, got burned out during the pandemic, [and] is now being told to run faster than ever,” as Curtis Simpson, CISO at Armis Security, puts it.
This change presents a challenge to cybersecurity leaders at the best of times. But it’s exacerbated at present by economic turbulence, which has increased the pressure on security teams to do more with fewer financial resources, despite the growing cyber risk.
These dual challenges – increased scrutiny of security by business leaders on the one hand and tighter budgets on the other – mean that organizations need to revamp their strategies for handling cyber threats. They must find ways of reducing the risk of attacks – and, by extension, avoiding the business fallout from a cyberattack – while simultaneously extending the efficiency of their strained teams and budgets.
The Challenges Security Teams Are Currently Facing
An obvious difficulty is the fact that IT leaders often have less money to toss at security risks than they did just a year or two ago. Hiring slowdowns have reduced the size of some cybersecurity teams, and digital threat intelligence tools have become harder to acquire due to budget limitations.
Plus, even in cases where the budget available for cybersecurity hasn’t changed significantly, organizations face ever-increasing rates of cyberattack. For example, in 2022 the average cost of a data breach had climbed 12.7% from USD 3.86 million in the 2020 report. Not only that, but 66% of organizations reported being hit by ransomware in 2023 vs. 51% in 2020.
As if that weren’t troubling enough, consider also the terrifying new opportunities that AI has created for threat actors. “It’s only now that the AI algorithms have evolved where good bot vs. bad bot becomes a realistic threat,” the “defense evangelist” Roger Grimes recently noted, underlining a new type of cybersecurity front that CISOs will have to manage even as they continue to contend with more traditional threats.
In short, cyber challenges have grown steadily steeper over the past year, while at the same time, the resources available to businesses to handle vulnerabilities have decreased.
New Challenges Require New Approaches to Digital Threat Intelligence
Faced with these pressures, what can security leaders do?
The answer, at a high level, is to rethink the way they leverage technology and resources. They need to treat security technology not just as tools, but also as a source of innovation that can help overstretched cybersecurity teams do more without more resources. They need, in other words, to find ways to turn their security analysts into superheroes while keeping security spending in check.
Specific strategies for achieving that goal include the following:
Tool consolidation
Rather than paying for multiple security products, security leaders can save their businesses money by consolidating their tools around a single vendor’s platform. In addition to reducing the direct costs of tools, consolidation can save money in indirect ways by simplifying the procurement and vendor management process. From a security standpoint, it also offers the benefit of fewer vendors, reducing the “vendor attack surface.”
The ability to save money and streamline operations puts security leaders in a strong position to explain to executives and corporate boards how they are prioritizing the business’s interests while also taking action against security threats. It helps them paint security as an investment, rather than a mere cost center.
Combined capabilities
Consolidation should not be limited simply to purchasing different security tools from the same vendor. Instead, security leaders should look for solutions that provide truly integrated security capabilities that cover multiple areas, including:
- Cyber threat intelligence, including deep and dark web monitoring and the tracking of threat actors and malware. Keeping up with the latest TTPs allows for strategic and prioritized cybersecurity planning. However, threat intelligence must be coordinated with attack surface management to ensure that security teams only receive the threat intelligence that is uniquely relevant to them and their attack surface.
- Attack surface management (ASM), for discovering unknown risks – such as shadow IT – as well as misconfigurations, open ports, high-risk CVEs, exposed cloud storage, etc.
- Digital Risk Protection (DRP), as your attack surface doesn’t stop with your external IT infrastructure – it also extends to your brand and logos. DRP helps identify brand impersonation in phishing sites, fake social media profiles, and rogue applications. It also monitors the deep and dark web for targeted mentions of your brand name and product.
- Supply Chain Intelligence, which allows teams to get ahead of security risks that originate in their software supply chains, as well as in digital services provided by vendors and partners.
When you combine all four of these security capabilities into a single tool, you get a solution that is worth more than the sum of its parts because each capability provides critical context that amplifies the effectiveness of other capabilities. For example, threat intelligence combined with total attack surface management helps security analysts determine whether a given threat is exploitable in their organization’s current environment.
Enhancing in-house security teams
In-house security analysts can only do so much, especially if they spend the bulk of their time chasing never-ending streams of alerts. Instead of delivering thousands of pieces of intelligence, a consolidated tool sends only relevant threats. Highly targeted and contextualized intelligence allows analysts to investigate, respond and carry out takedowns much faster, again saving money and increasing efficiency. In turn, it helps overstretched security teams do more with limited staffing, maximizing budget efficiency.
Measuring the ROI of Digital Threat Intelligence
Don’t stop with implementing strategies like these. Be sure to develop mechanisms that allow you to measure the ROI of digital threat intelligence investments, so that you can demonstrate their value to the business.
You can do this by tracking data like the following:
- False positive rates for security alerts.
- Average amount of time analysts spend triaging and investigating threats.
- Mean Time to Remediate (MTTR) threats.
- Average tickets closed by security analysts per month.
The first three metrics on this list should drop significantly when you implement effective digital threat intelligence combined with ASM, DRP and supply chain intelligence. The last one should go up. When this happens, you’re saving money for the business while simultaneously improving its security posture.
Thriving in an Economic Downturn
Cybersecurity leaders are navigating challenging times, and matters will probably get worse before they get better. To survive – and, even better, thrive – decision-makers must invest in measures that help them to protect the interests of their businesses, while also maximizing the efficiency of their security teams and responding to cyber threats that are constantly growing in scope.
In this blog, we’ve touched on only some of the strategies that can help leaders achieve these goals. For a more in-depth conversation on the topic, get in touch.