September 8, 2014 By Vijay Dheap 3 min read

IBM’s X-Force research and development team declared 2011 to be the “Year of the Security Breach” based on an explosion of successful attacks and the emergence of more sophisticated attack techniques. Since then, news of security breaches at large and small organizations across various industries has become commonplace. Information technology (IT) security teams who once struggled to justify further investments are now finding their requests being granted — if not bolstered.

Power and Responsibility in Security Investments

While security teams can rejoice in their apparent reversal of fortune, they now have the attention of their respective organizations. With that attention comes new expectations about a safer enterprise network environment. Security teams face increasing pressure to not only keep their enterprises out of the headlines, but also to highlight the value of their security investments in affording greater business flexibility. Unfortunately, the frequency of cyberattacks shows no signs of abating.

Another cold reality is the all-too-common need to first shore up existing or legacy security infrastructures that were weakened due to a prior lack of appropriate funding. This limits the natural inclination to be more aggressive and modernize the organizational security posture. If it is accepted that complete security is neither attainable nor feasible, then the efficacy of an organization’s security posture relative to its peers can significantly influence its attractiveness as a target.

Of course, judicious use of the financial resources available to security teams has always been required, but now, the stakes have gotten higher. Old assumptions should be revisited, and a more nuanced analysis of each organization’s threat landscape should be performed.

Cognizance of certain trends will aid in formulating the ideal strategy for security investments. While still highly fragmented and quite dynamic, the security industry as a whole is maturing and consolidating, which is leading to fewer and better integrated solutions. At the same time, the motivations of malicious actors and more sophisticated attack methods require this new generation of cybercriminals to extract value proportionate to the resources they expend. If there is a silver lining of sorts, it’s that security is now a growing profession and not just an extension of IT operations and management. Nevertheless, while the availability of expertise is still outpaced by market demand for these new skills, security knowledge is certainly growing.

Closely assessing the significance of these security trends would suggest the following recommendations for optimizing an organization’s security investment strategy:

1. Specialize in Security Operations

Security teams need to specialize in security operations, not system integration. Previously, security teams invested in best-of-breed solutions focused on security niches, which left the door open to attackers to exploit vulnerable integrations. Numerous security projects failed to deliver operational value simply because the integration exercise was too complex or resource-intensive to perform during deployment. Given that the security industry is consolidating, security teams can refocus their efforts on security operations and outsource the system integration exercise to their security solution providers. While there is still value to security through diversity, it needs to be evaluated against the efficacy and cost-effectiveness of integrated security solutions.

2. Map Threat Surface Area Based on Risk

Take time to map out your organization’s threat surface area based on quantifiable risk to stakeholders, who can range from customers to employees and owners. This exercise allows a security team to identify the critical identities, systems, network elements, data and applications that need to be safeguarded. At a minimum, this allows for the prioritization of investments such that defensive measures are deployed to the most attractive targets at an organization so that malicious actors are disincentivized.

3. Place Investment Focus on Security Knowledge

Remember to acquire security knowledge, not just tools. Investments purely in technology assets often have disappointing results. Organizations need to acquire the expertise to operate advanced technologies and/or invest in solutions that provide a greater degree of automation built on a foundation of security knowledge. Additionally, security can only be enhanced when practicing defense in ranks. For example, collecting information from third-party security researchers or even governmental organizations can greatly improve security operations. Turning this knowledge into action will improve the effectiveness and responsiveness of the organization’s cybersecurity apparatus.

Read the complete IT executive guide to security intelligence

From your experience, what advice do you have to help organizations optimize their investments in cybersecurity?

More from Intelligence & Analytics

Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing

12 min read - For the last year and a half, IBM X-Force has actively monitored the evolution of Hive0051’s malware capabilities. This Russian threat actor has accelerated its development efforts to support expanding operations since the onset of the Ukraine conflict. Recent analysis identified three key changes to capabilities: an improved multi-channel approach to DNS fluxing, obfuscated multi-stage scripts, and the use of fileless PowerShell variants of the Gamma malware. As of October 2023, IBM X-Force has also observed a significant increase in…

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

X-Force releases detection & response framework for managed file transfer software

5 min read - How AI can help defenders scale detection guidance for enterprise software tools If we look back at mass exploitation events that shook the security industry like Log4j, Atlassian, and Microsoft Exchange when these solutions were actively being exploited by attackers, the exploits may have been associated with a different CVE, but the detection and response guidance being released by the various security vendors had many similarities (e.g., Log4shell vs. Log4j2 vs. MOVEit vs. Spring4Shell vs. Microsoft Exchange vs. ProxyShell vs.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today