[By Chase Richardson, Head of US & Lead Principal at Bridewell]
The operators of US critical infrastructure are facing intense pressure due to cyber threats to their interconnected systems and networks. To bolster the sector’s defenses, the Biden-Harris Administration last year rolled out the National Cybersecurity Strategy. This comprehensive set of mandatory regulations aims to stop threat actors in their tracks as part of a persistent and continuous campaign. The invasion of Ukraine by Russia in 2022 led President Biden to call on businesses to brace for nation-state attacks, and to incorporate the relevant measures against a rising tide of sophisticated and persistent cyber threats.
But there’s a cost that comes with this preparation. Recent Bridewell research shows that almost three-out-of-four (73%) organizations in the critical infrastructure space have witnessed a reduction in their cybersecurity budget. A slowing economy and rising inflation have contributed to the squeeze.
As available cash is reduced, how can organizations keep focus on ever-growing cybersecurity demands? Addressing these will involve three critical priorities: meticulous risk assessment, clear demonstration of ROI and the strategic selection of the right tools to withstand growing cyber risks.
Scoping the risks and costs
There’s no magic solution in the context of cybersecurity strategy, but it’s also not something that can be compromised. According to Bridewell’s research, US organizations suffered on average a total of 26 ransomware-related security incidents in the last year alone, with almost a fifth (17%) experiencing a mean of over 50 incidents – an average of one almost every week. To keep businesses’ physical, financial, human, and intellectual assets safe from escalating risks, it is more crucial than ever to embrace a proactive and comprehensive cybersecurity strategy.
A risk-based approach is the best course of action. It focuses organizations on ensuring that stretched resources are allocated to the protection of the most critical assets, enabling an optimum return on investment (ROI) when it comes to cybersecurity efforts. By aligning security measures with potential business impacts, organizations can optimize their cybersecurity strategies, minimizing disruptions and mitigating the financial and reputational damage of a cyberattack.
But with pressure mounting to provide evidence of strong ROI in financially tough times, cyber leaders may turn to an excess of security tools. However, this approach is often counterproductive. Not only does it escalate costs, but it also often fails to consider the integration between technologies and the security holes that may arise. Instead, consolidating cybersecurity technologies and tools is vital for enabling a unified view of security across a business’s entire technology stack. It also presents an opportunity to identify where technology can relieve operational challenges by using automation to enhance efficiency and streamline operations.
Rather than gather an unmanageable level of disparate security tools, businesses should instead allocate their funding to continuous training and development for the professionals in charge of managing and improving these solutions. This ensures that security teams remain updated on the latest practices and evolving threats, enabling them to respond promptly to emerging cyber risks and reduce the potential impacts and costs of a security incident.
Showing true ROI
There’s likely to be a disconnect between security teams and the C-suite regarding the value of a robust security strategy in mitigating cyber risks. The C-suite may be concerned by the lack of visible results and subsequent ROI. Therefore, demonstrating the tangible value of cybersecurity investment is crucial for decision-makers, particularly when it comes to assessing the impact of security on technology, people and processes throughout the entire organization.
Security leaders must come together to devise a security strategy that’s both clearly defined and puts business goals and risk mitigation front-of-mind. This strategic alignment will be key to demonstrating to the board how their investment in cybersecurity can achieve specific objectives, increasing the likelihood of obtaining executive buy-in and support.
With a comprehensive strategy, businesses can benefit from a framework that enables them to measure progress and the ROI delivered by their cybersecurity investments. This is why it’s essential that security teams set measurable objectives, define key performance indicators (KPIs), and establish clear benchmarks, so that they can provide evidence of all positive impacts on the organization’s financial and operational performance. Effectively communicating competitive advantage showcases the lasting value of cybersecurity investments, going beyond peace-of-mind against cyber-attacks and delivering long-term business benefits.
Leveraging the right tools
Organizations must leave outdated tools behind, particularly in the area of threat monitoring and response, if they are to optimize cybersecurity and align demand with available resources. The technology stacks of old often produce a number of alerts, forcing teams to manually check each one and formulate a response. On the other hand, modern approaches that cut down the number of security tools within an organization instead focus on bringing in security professionals with the skills and experience to address threats and other security challenges.
Managed detection and response (MDR) is one such approach, which brings together human analysis, artificial intelligence and automation to enable organizations to rapidly detect, analyze, investigate and actively respond to cyber threats on a round-the-clock basis. As a fully outsourced service or with a hybrid security operations center (SOC), it is both cost-effective and can be rapidly rolled out. It can provide the basis for a reference security architecture to protect SaaS solutions, cloud applications and on-premise deployments. Dwell time against breaches can be reduced, alongside cyber risk.
A critical component of the best MDR services is extended detection and response (XDR) technology. This brings detection and response capabilities to elements including the network, cloud, endpoint, web and email and, most importantly, identity. This gives businesses the ability to safeguard their data, assets and users from increasing cyber threats.
Amid growing economic uncertainty, organizations must put cybersecurity at the top of the agenda by protecting their vital data and operations. Working alongside a security provider to implement MDR and achieve consolidation of security tools will enhance processes and allow teams to expand their skills. ROI can be significantly improved and organization-wide resilience can be achieved.
Bio
Chase Richardson is the Head of US & Lead Principal of Bridewell. Chase joined Bridewell in 2022 to open its first US office. Prior to Bridewell, Chase was a founding member of another Cybersecurity consulting firm in Houston where he helped grow the business from 5 to 50 employees over 4 years, specializing in Cybersecurity Risk, Governance, and Compliance, Offensive Penetration Testing, Security Operations and Data Privacy. Chase has an MBA from Emory University and is a Certified Information Systems Security Professional (CISSP) and Certified Information Privacy Professional (CIPP/US).
