As a cybersecurity team, it can sometimes be a struggle to convince the C-suite of the importance of having a well-funded security program within your organization. This results in a critical gap of resources, compared to what is needed to protect crucial company assets.
A modern Security Information and Event Management (SIEM) solution is a cornerstone tool in the cybersecurity tool chest. The SIEM ingests data from all sources across your IT infrastructure and enables real-time advanced security analytics on that data, identifying threats and preventing breaches. A SIEM provides invaluable support in cybersecurity, IT operations, and compliance.
However, the value of security analytics is often not visible to C-level decision-makers, and the low visibility makes it more difficult to reach the top of the corporate investment agenda. As an analogy, you probably have fire extinguishers in your office, but most of us have never actually used them. Just in case, we still have extinguishers all over the place, and most people also know the response mechanisms needed in case of a fire.
The same should apply to cybersecurity within your organization. Too often, leaders do not prioritize (or understand) the value of cybersecurity until it’s too late – after a breach, public exposure in the media, or both.
It can be difficult for any organization to determine the financial value of implementing a SIEM solution. So how do you convince the C-suite that the investment could help them increase the bottom line and minimize risk?
To help you convince the C-suite, here are 5 arguments to consider:
1. Hackers Are Getting Smarter. Are You?
Your cybersecurity team is probably already testing the effectiveness of your defenses. But today’s hackers are getting more sophisticated and will usually choose the path of least resistance. Exploiting people through social engineering, such as phishing campaigns, makes it easier to break into a well-protected network. Analyzing, responding to, and reporting on breaches can be time-consuming for any security team.
For your cybersecurity team to work smarter under these conditions, it is important that they have the necessary solutions to assist them every day. Understanding the patterns of a typical attack is a good starting point for analyzing where your investments for cybersecurity solutions can be most effective.
2. Lateral movement. A cybersecurity nightmare
Lateral movement inside your IT infrastructure is an increasing risk, and very hard to detect if you don’t have effective security analytics in place. The attacker will use different tools and methods to gain higher privileges and access, allowing them to move laterally (sideways; between devices and apps) through a network to map the system, identify targets and eventually get to the organization’s crown jewels.
If the attacker can secure administrative privileges, malicious lateral movement activities can be extremely difficult to detect, as they can appear as “normal” network traffic to security pros who don’t have the tools to differentiate or are overwhelmed by a flurry of alerts.
Detecting lateral movement in the network, and suspicious or abnormal behavior before exfiltration, is possible and is usually a cost-effective investment compared to the perceived value. Analyzing, preventing, and reporting on lateral movement in your network is becoming increasingly important, and is the recommended place to start for many organizations that already have effective defenses in place.
3. Increased Connectivity (of Everything)
The Internet of Things has been trending for quite a few years now, and we are beginning to see increased internet connectivity in organizations in everything from production facilities to medical devices. Many of these devices are easily hackable, and thus become vulnerable targets for hackers (many of the devices likely still have their default password).
Maybe you can relate to this, and maybe you cannot. However, when business-critical systems are connected to the network, the risk of malicious activity increases. We regularly see massive Distributed Denial of Service attacks carried out by compromised IoT devices, and the surrounding cybersecurity measures are struggling to keep pace.
Ask the C-suite what the cost of downtime of these devices will mean to your organization – loss of production? Loss of life? Loss of reputation towards your customers? When IT is affected, your security may get compromised. When Operational Technology or IoT is affected, the safety of customers, employees, and the public becomes a liability.
4. Getting a clear view of your IT infrastructure
Having a transparent overview of your network events can consolidate many analytical processes that are currently done in different systems (and often manually!) by going through logs while looking for the desired intelligence.
With a SIEM you’ll gain the ability to oversee network activities based on events from equipment and network flow data, such as bandwidth, statistics, bottlenecks, changes in configurations of network devices, and more. In general, SIEM drives efficiency, productivity, workflow optimization, and automation.
The increased transparency of your network activities delivered by the SIEM solution does more than enable your cybersecurity team to detect malicious or abnormal activity. By monitoring all infrastructure components and mapping them to your service level agreements, it can help you optimize your IT infrastructure to be more efficient and keep an eye on whether you get what you are paying for.
5. Last but not least: Financial risk
If the previous 4 arguments are not sufficient to attract the attention of C-level management and raise SIEM on the corporate investment agenda, try this: the financial risk of not paying attention to cybersecurity. By now everybody, including C-level, has heard about the ransomware epidemics of WannaCry and NotPetya.
The four-day WannaCry epidemic knocked out more than 200,000 computers in 150 countries, but the title of most costly epidemic goes to the NotPetya cyberattack with an estimated worldwide cost of USD 10 billion, whereas WannaCry, according to various estimates, was in the USD 4–8 billion range.
In the less mundane section, the 2018 Cost of Data Breach Study from Ponemon Institute documents that the average cost of a data breach is USD 3.86 million, or USD 148 per stolen or lost record. Last but not least, the EU General Data Protection Regulation (GDPR) that came into effect in May 2018 includes administrative fines of up to EUR 20 million, or 4% of the worldwide annual revenue of a company, in case of non-compliance.
That’s an argument the C-suite will appreciate…