Stop Measuring Your Cybersecurity in Terms of Budget

DCMS | May 11, 2020

  • Almost every month there is a new report detailing how firms are increasing their cybersecurity budgets, or buying the latest tech to help defeat hackers.

  • The typical way that companies have looked to improve their cyber capabilities is by investing in the latest tech to help protect their networks.

  • Clearly, the strength of your cybersecurity can no longer be measured by how much money is spent on it each year.


The last decade has seen an explosion in cybersecurity spending, with the global market valued at $112bn in 2019. Almost every month there is a new report detailing how firms are increasing their cybersecurity budgets or buying the latest tech to help defeat hackers, but is this correlating with a reduction in cybercrime? A recent report found that while 85 percent of companies rated their security stack incredibly highly, 86 percent of them had still suffered a data breach in the last 12 months. Clearly there is a disconnect between how companies measure their cybersecurity readiness and the security they actually achieve.


The typical way that companies have looked to improve their cyber capabilities is by investing in the latest tech to help protect their networks. While these systems are effective, they still require employees with sufficient skills to operate them properly. Given that the DCMS recently found that 48 percent of UK businesses struggled to find employees with basic cyber skills, such as being able to configure a firewall correctly, it seems unlikely that the majority of companies are getting the most out of these tools.





Experts often say that one of the best ways of defending your network is educating employees to be on the lookout for risks. However, many businesses are not taking their human cyber readiness into account, because they are unable to effectively measure the skills of their cyber team. Measuring human cybersecurity readiness is difficult to do. To date, companies have had to rely on certifications for measuring ability, which quickly become outdated as hackers develop new techniques almost daily.



However, by failing to measure their human readiness, companies can open themselves up to increased risk. For example, many organizations carry out breach simulations to provide crucial experience for the day when there is a real attack. However, businesses rarely measure how well their teams coped with each scenario and what training and actions should come from it. If an organization is unable to tell how strong its team is at cybersecurity, it will always be behind the hackers who are looking to steal its information. In the past, the only measure companies had for judging their employees was the certificates they held. This led to hiring professionals on huge salaries who have been working in the industry for many years and have secured the correct qualifications.


Holding a certificate does not necessarily mean someone is better at handling a threat than the most junior person on the team. This is because it is impossible to know who is best placed to handle a response simply by looking at certificates. The junior member could have had more recent experience in handling that type of threat, or recently read about the latest techniques. Being able to continually measure who in the team is stronger at certain tasks can go a long way toward improving efficiency in defending against attacks. Often, rather than hiring talent from outside their teams, organizations could spend a fraction of the budget and focus on upskilling their own existing staff. Of course, to do this you first need to know what skills your team already has, and where there are gaps that need to be filled.

