September 8, 2014 By Vijay Dheap 3 min read

IBM’s X-Force research and development team declared 2011 to be the “Year of the Security Breach” based on an explosion of successful attacks and the emergence of more sophisticated attack techniques. Since then, news of security breaches at large and small organizations across various industries has become commonplace. Information technology (IT) security teams who once struggled to justify further investments are now finding their requests being granted — if not bolstered.

Power and Responsibility in Security Investments

While security teams can rejoice in their apparent reversal of fortune, they now have the attention of their respective organizations. With that attention comes new expectations about a safer enterprise network environment. Security teams face increasing pressure to not only keep their enterprises out of the headlines, but also to highlight the value of their security investments in affording greater business flexibility. Unfortunately, the frequency of cyberattacks shows no signs of abating.

Another cold reality is the all-too-common need to first shore up existing or legacy security infrastructures that were weakened due to a prior lack of appropriate funding. This limits the natural inclination to be more aggressive and modernize the organizational security posture. If it is accepted that complete security is neither attainable nor feasible, then the efficacy of an organization’s security posture relative to its peers can significantly influence its attractiveness as a target.

Of course, judicious use of the financial resources available to security teams has always been required, but now, the stakes have gotten higher. Old assumptions should be revisited, and a more nuanced analysis of each organization’s threat landscape should be performed.

Cognizance of certain trends will aid in formulating the ideal strategy for security investments. While still highly fragmented and quite dynamic, the security industry as a whole is maturing and consolidating, which is leading to fewer and better integrated solutions. At the same time, the motivations of malicious actors and more sophisticated attack methods require this new generation of cybercriminals to extract value proportionate to the resources they expend. If there is a silver lining of sorts, it’s that security is now a growing profession and not just an extension of IT operations and management. Nevertheless, while the availability of expertise is still outpaced by market demand for these new skills, security knowledge is certainly growing.

Closely assessing the significance of these security trends would suggest the following recommendations for optimizing an organization’s security investment strategy:

1. Specialize in Security Operations

Security teams need to specialize in security operations, not system integration. Previously, security teams invested in best-of-breed solutions focused on security niches, which left the door open to attackers to exploit vulnerable integrations. Numerous security projects failed to deliver operational value simply because the integration exercise was too complex or resource-intensive to perform during deployment. Given that the security industry is consolidating, security teams can refocus their efforts on security operations and outsource the system integration exercise to their security solution providers. While there is still value to security through diversity, it needs to be evaluated against the efficacy and cost-effectiveness of integrated security solutions.

2. Map Threat Surface Area Based on Risk

Take time to map out your organization’s threat surface area based on quantifiable risk to stakeholders, who can range from customers to employees and owners. This exercise allows a security team to identify the critical identities, systems, network elements, data and applications that need to be safeguarded. At a minimum, this allows for the prioritization of investments such that defensive measures are deployed to the most attractive targets at an organization so that malicious actors are disincentivized.

3. Place Investment Focus on Security Knowledge

Remember to acquire security knowledge, not just tools. Investments purely in technology assets often have disappointing results. Organizations need to acquire the expertise to operate advanced technologies and/or invest in solutions that provide a greater degree of automation built on a foundation of security knowledge. Additionally, security can only be enhanced when practicing defense in ranks. For example, collecting information from third-party security researchers or even governmental organizations can greatly improve security operations. Turning this knowledge into action will improve the effectiveness and responsiveness of the organization’s cybersecurity apparatus.

Read the complete IT executive guide to security intelligence

From your experience, what advice do you have to help organizations optimize their investments in cybersecurity?

More from Intelligence & Analytics

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Web injections are back on the rise: 40+ banks affected by new malware campaign

8 min read - Web injections, a favored technique employed by various banking trojans, have been a persistent threat in the realm of cyberattacks. These malicious injections enable cyber criminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive information. In March 2023, security researchers at IBM Security Trusteer uncovered a new malware campaign using JavaScript web injections. This new campaign is widespread and particularly evasive, with historical indicators of compromise (IOCs) suggesting a possible connection to DanaBot — although we…

Accelerating security outcomes with a cloud-native SIEM

5 min read - As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like cloud security, AI-powered defense and skills development. The path forward calls on security teams to be agile, innovative and strategic amidst the changes in technology…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today