IBM’s X-Force research and development team declared 2011 to be the “Year of the Security Breach” based on an explosion of successful attacks and the emergence of more sophisticated attack techniques. Since then, news of security breaches at large and small organizations across various industries has become commonplace. Information technology (IT) security teams who once struggled to justify further investments are now finding their requests being granted — if not bolstered.

Power and Responsibility in Security Investments

While security teams can rejoice in their apparent reversal of fortune, they now have the attention of their respective organizations. With that attention comes new expectations about a safer enterprise network environment. Security teams face increasing pressure to not only keep their enterprises out of the headlines, but also to highlight the value of their security investments in affording greater business flexibility. Unfortunately, the frequency of cyberattacks shows no signs of abating.

Another cold reality is the all-too-common need to first shore up existing or legacy security infrastructures that were weakened due to a prior lack of appropriate funding. This limits the natural inclination to be more aggressive and modernize the organizational security posture. If it is accepted that complete security is neither attainable nor feasible, then the efficacy of an organization’s security posture relative to its peers can significantly influence its attractiveness as a target.

Of course, judicious use of the financial resources available to security teams has always been required, but now, the stakes have gotten higher. Old assumptions should be revisited, and a more nuanced analysis of each organization’s threat landscape should be performed.

Cognizance of certain trends will aid in formulating the ideal strategy for security investments. While still highly fragmented and quite dynamic, the security industry as a whole is maturing and consolidating, which is leading to fewer and better integrated solutions. At the same time, the motivations of malicious actors and more sophisticated attack methods require this new generation of cybercriminals to extract value proportionate to the resources they expend. If there is a silver lining of sorts, it’s that security is now a growing profession and not just an extension of IT operations and management. Nevertheless, while the availability of expertise is still outpaced by market demand for these new skills, security knowledge is certainly growing.

Closely assessing the significance of these security trends would suggest the following recommendations for optimizing an organization’s security investment strategy:

1. Specialize in Security Operations

Security teams need to specialize in security operations, not system integration. Previously, security teams invested in best-of-breed solutions focused on security niches, which left the door open for attackers to exploit vulnerable integrations. Numerous security projects failed to deliver operational value simply because the integration exercise was too complex or resource-intensive to perform during deployment. Given that the security industry is consolidating, security teams can refocus their efforts on security operations and outsource the system integration exercise to their security solution providers. While there is still value to security through diversity, it needs to be evaluated against the efficacy and cost-effectiveness of integrated security solutions.

2. Map Threat Surface Area Based on Risk

Take time to map out your organization’s threat surface area based on quantifiable risk to stakeholders, who can range from customers to employees and owners. This exercise allows a security team to identify the critical identities, systems, network elements, data and applications that need to be safeguarded. At a minimum, it allows investments to be prioritized so that defensive measures are deployed to the organization’s most attractive targets, disincentivizing malicious actors.

3. Place Investment Focus on Security Knowledge

Remember to acquire security knowledge, not just tools. Investments purely in technology assets often have disappointing results. Organizations need to acquire the expertise to operate advanced technologies and/or invest in solutions that provide a greater degree of automation built on a foundation of security knowledge. Additionally, security can only be enhanced when practicing defense in ranks. For example, collecting information from third-party security researchers or even governmental organizations can greatly improve security operations. Turning this knowledge into action will improve the effectiveness and responsiveness of the organization’s cybersecurity apparatus.

From your experience, what advice do you have to help organizations optimize their investments in cybersecurity?
