As Security Becomes a Boardroom Topic, CISOs Are Seeking Threat Intelligence Analytics Tools to See the Big Picture Required to Prioritize Risks and Align with Business Goals.
Is all press good press? Not when it looks like this:
Cyber security is a hot (very hot) topic because when successful attacks happen, the news hits front pages with speed and force—and it’s seldom pretty.
Attacks don’t just cause bad press, they can cause massive amounts of fraud, loss of profits, and much more. The Home Depot data breach is expected to cause $2 billion to $3 billion in fraud based on just 10% – 15% of affected accounts being compromised.
Perhaps this is why cyber security is 2014’s #1 priority for those responsible for keeping government networks safe. According to 2014 Teach America Federal CIO and CISO Survey, the top 3 government priorities are:
- Cyber security
- Modernization / Innovation
- Cloud / Mobility
While the top 3 challenges are:
- Human Capital / Workforce
- Cyber / IT Security
- Budget / Costs / Savings
This isn’t a surprise as cyber security was a top concern/priority in their 2013 and 2012 surveys as well. Government agencies have it tough when it comes to cyber attacks. While many of these attacks originate from outside the USA, agencies also need to be aware of what their own employees are doing (for example: the IRS employee who took home data). Keeping threats outside their network but also, quickly identifying insider threats (possibly before they even happen) is extremely difficult.
So what is the Government spending on cyber security? According to the Teach America survey, current federal budgets allocate about 15% of IT spending to cyber. The FY 15 budget is requesting $13 Billion to improve cyber security and mitigate threats. Avascent expects the cyber spending to grow 4% per year from 2014 – 2018 with solution spending to slightly outpace services by 2018.
The issues and concerns for the private sector aren’t that different from the public sector. Cyber security ranks as one of the top concerns among the Energy, Insurance, Retail, Banking, and just about every major industry. Financial services companies lost an average of $23.6 million from cyber breaches in 2013, which was about a 44% increase from 2012, according to Deloitte’s Transforming Cybersecurity report.
Now according to a Chief Information Security Officer survey performed by Scale Ventures and Wisegate, CISOs:
- Remain vigilant on the fundamentals – malware outbreaks and data breaches.
- Are concerned about the lack of tools to see the big picture required to prioritize risks and align with business goals.
- Are focusing on data as IT hands off infrastructure control.
- Are pushing automation orchestration to manage “point solution sprawl”.
One of the most surprising findings was #2. Half the participants of this survey admitted that when prioritizing their risks and business alignment, they didn’t have a good way to measure the status of these risks or how effective their programs were at addressing them. If you think about it, that’s pretty scary.
According to Bill Burns, Executive-in-Residence at Scale Ventures and Wisegate Member, “Security and risk management systems are becoming Board-level discussions, government and industry regulations are also requiring better risk monitoring and controls. While many security products do provide dashboards, those tend to be specific to that product’s threats and activities. What’s needed are efficient ways to map all of this event data into holistic, business-level perspectives.”
Threat Intelligence Analytics
We all know attacks will get through your defenses. Organizations and agencies have been throwing money at preventing attacks for years yet, unknown, targeted, cyber threats are causing major headaches within enterprises. While it’s important to keep these threats out, its equally important to quickly identify, analyze, and eliminate these threats, and CISOs understand this. But doing this correctly is no easy task. Diana Kelly with IBM recently wrote an excellent piece about why it’s so difficult to turn data into threat intelligence. She states that it’s very easy to misinterpret data and draw inaccurate conclusions, however, “the more context and information one can enrich the data set with, the better the intelligence will be.” She goes on, “We need to start looking past the security and SIEM ‘headlines’ and dive deeper into the root causes and dependencies.”.
According to Martin Sutherland, Managing Director, BAE Systems Applied Intelligence and BAE’s 2014 Cyber Security Monitor Report, “In order to adapt to the ever evolving threat landscape, companies will also need to develop holistic threat intelligence management programs supported by security platforms that not only provide the raw intelligence data but also the ability to process and analyze large amounts of complicated information as quickly and clearly as possible.”
We couldn’t have said this better ourselves. The ability to process various data sources and types quickly, allowing the analysts to dive into the data and gain the insights needed to help their management make critical decisions is extremely valuable and this is exactly what we do at IKANOW.
IBM’s 2014 Global Cost of Data Breach Study says the average cost of a data breach for a US company is $201 per record. Now the average number of records compromised in a data breach, for a US company, is over 29,000. That’s over $5.8 million per data breach. What if you could reduce the number of breaches and the number of compromised records by, say 25%, because you have the ability to process, enrich, and analyze large amounts of data giving you fast time to insights? This could save your organization over $1.4 million per breach!
A proactive cyber threat intelligence analytics solution that can provide you rapid insights and actionable intelligence can (1) drastically reduce the time and costs spent resolving these attacks; (2) improve your brand reputation (or help keep you out of the news); and (3) save your organization millions, or even billions, of dollars in lost profits, legal fees, and more.
Contact us to see if we can help your organization improve your cyber posture.