IBM’s X-Force research and development team declared 2011 to be the “Year of the Security Breach” based on an explosion of successful attacks and the emergence of more sophisticated attack techniques. Since then, news of security breaches at large and small organizations across various industries has become commonplace. Information technology (IT) security teams who once struggled to justify further investments are now finding their requests being granted — if not bolstered.

Power and Responsibility in Security Investments

While security teams can rejoice in their apparent reversal of fortune, they now have the attention of their respective organizations. With that attention comes new expectations about a safer enterprise network environment. Security teams face increasing pressure to not only keep their enterprises out of the headlines, but also to highlight the value of their security investments in affording greater business flexibility. Unfortunately, the frequency of cyberattacks shows no signs of abating.

Another cold reality is the all-too-common need to first shore up existing or legacy security infrastructures that were weakened due to a prior lack of appropriate funding. This limits the natural inclination to be more aggressive and modernize the organizational security posture. If it is accepted that complete security is neither attainable nor feasible, then the efficacy of an organization’s security posture relative to its peers can significantly influence its attractiveness as a target.

Of course, judicious use of the financial resources available to security teams has always been required, but now, the stakes have gotten higher. Old assumptions should be revisited, and a more nuanced analysis of each organization’s threat landscape should be performed.

Awareness of certain trends will aid in formulating the ideal strategy for security investments. While still highly fragmented and quite dynamic, the security industry as a whole is maturing and consolidating, which is leading to fewer and better-integrated solutions. At the same time, the motivations of malicious actors and their more sophisticated attack methods mean that this new generation of cybercriminals must extract value proportionate to the resources they expend. If there is a silver lining of sorts, it’s that security is now a growing profession and not just an extension of IT operations and management. The availability of expertise is still outpaced by market demand for these new skills, but security knowledge is certainly growing.

A close assessment of these security trends suggests the following recommendations for optimizing an organization’s security investment strategy:

1. Specialize in Security Operations

Security teams need to specialize in security operations, not system integration. Previously, security teams invested in best-of-breed solutions focused on security niches, which left the door open to attackers to exploit vulnerable integrations. Numerous security projects failed to deliver operational value simply because the integration exercise was too complex or resource-intensive to perform during deployment. Given that the security industry is consolidating, security teams can refocus their efforts on security operations and outsource the system integration exercise to their security solution providers. While there is still value to security through diversity, it needs to be evaluated against the efficacy and cost-effectiveness of integrated security solutions.

2. Map Threat Surface Area Based on Risk

Take time to map out your organization’s threat surface area based on quantifiable risk to stakeholders, who can range from customers to employees and owners. This exercise allows a security team to identify the critical identities, systems, network elements, data and applications that need to be safeguarded. At a minimum, it allows investments to be prioritized so that defensive measures are deployed to the organization’s most attractive targets, which disincentivizes malicious actors.

3. Place Investment Focus on Security Knowledge

Remember to acquire security knowledge, not just tools. Investments purely in technology assets often have disappointing results. Organizations need to acquire the expertise to operate advanced technologies and/or invest in solutions that provide a greater degree of automation built on a foundation of security knowledge. Additionally, security can only be enhanced when practicing defense in ranks. For example, collecting information from third-party security researchers or even governmental organizations can greatly improve security operations. Turning this knowledge into action will improve the effectiveness and responsiveness of the organization’s cybersecurity apparatus.


From your experience, what advice do you have to help organizations optimize their investments in cybersecurity?
