Targeted Cyber Spending Is the Key to Resilience and Stronger ROI
by Paul Dant, Senior Director of Cybersecurity Strategy & Research at Illumio
Cybersecurity budgets are growing alongside the significant increase in cyber threats in Southeast Asia. While on the surface this seems logical, promising even, there is more to the story. We need to recognise that the industry is still somehow getting it wrong, because despite these large sums being poured into cyber defences, attackers keep winning. The cost of attacks also continues to climb – the estimated average global cost of a breach according to IBM was a record $4.45 million last year.
The repeated success of traditional attack tactics, coupled with new threats posed by evolving technology such as AI, makes it clear that organisations need to change the way they are investing in and thinking about cybersecurity. It’s clear that throwing money at the cybersecurity issue won’t make it go away, so the question becomes: what will? The answer lies not in increasing spending, but rather in optimising spending. In an environment where attacks are near daily, security investments must be focused in the right areas to ensure that money spent is delivering maximum business return on investment (ROI) and bolstering organisational resilience.
Why Are Cybercriminals Still Winning?
As a lifelong hacker and security researcher, I can tell you firsthand that hyperconnectivity and hybrid cloud environments, coupled with geopolitical and economic instability, make it a splendid time to be a hacker. It’s never been easier for cybercriminal groups to acquire easy access, expertise, and resources, thanks to trends like ransomware-as-a-service.
Most breaches that we see today sadly still use the same basic attack patterns of acquiring credentials, accessing an initial network or device, and from there moving laterally across endpoints, cloud environments and other IT infrastructure to reach their intended target – the same methodology that’s been used for years. Indeed, a recent report from PwC found close to half of Southeast Asian executives are wary of the risks posed by specific pathways into their companies’ internal operations such as business emails and online accounts.
How Southeast Asian Businesses Can Rethink ROI
Particularly with budgets tightening and the threat landscape widening, it’s never been more important for organisations to showcase a greater ROI when it comes to security. Organisations must go beyond merely showing quick, meaningful value and also demonstrate and advocate for the benefit of cybersecurity investments in furthering the business bottom line.
To do this, SecOps leaders must start by defining clear objectives and desired outcomes for cybersecurity expenditure. To succeed, spending needs to be aligned with specific organisational objectives, coupled with timely and attainable goals. It’s also imperative to assess and regularly test your organisation’s current risk posture. It’s impossible to prepare an effective defence without fully understanding what your most critical assets are, where visibility gaps lie, and what happens when a breach inevitably occurs within your organisation.
Once these baselines are understood, the third step is to secure buy-in from the business. Aligning security strategies with broader business objectives and securing support from senior management is essential for securing the initial budget and for an effective implementation. It can be beneficial to promote a focused strategy here. Instead of proposing to implement advanced, tactical strategies everywhere all at once, concentrate on the most valuable and at-risk areas first. This will make it easier to budget for your strategy, secure buy-in, and report on success.
Narrowing The Focus to Lessen The Burden
When deciding where to place your bets, it’s important to recognise that even with the best defences, it’s impossible to guard against all threats and guarantee your organisation won’t be breached. It’s inevitable that you will be. When we shift our cybersecurity efforts to limiting the impact of breaches, we are no longer overwhelming both security teams and budgets by trying to identify and protect against an infinite number of threats.
Security strategies must move away from traditional measures like endpoint protection and perimeter defences to focus on mechanisms that thwart lateral movements within and across hybrid IT. The biggest score for hackers isn’t breaking in – it’s making their way around an organisation’s IT environment to get to the highest value data.
Zero Trust Segmentation (ZTS) is one of the most successful approaches in preventing lateral movement, breaking the IT environment up into small sections – limiting access and monitoring communications between segments to ensure that unauthorised movement across environments is immediately locked down as soon as it is detected. ZTS has also been shown to reduce the blast radius of attacks by up to 66%, resulting in savings of up to $3.8 million by reducing downtime from attacks.
Redefining Cyber Resilience
With a better understanding of their IT infrastructure, and with visibility and containment top of mind, firms can better ensure they are looking in the right direction when it comes to allocating and prioritising their cyber spending. As a hacker, my advice for any organisation looking to shore up resilience is to focus foremost on limiting the attack surface, and figuring out how you can quickly contain breaches when they occur. It’s no longer the breach that takes organisations down – it’s the lack of containment of that breach. Focusing investment on this will not only deliver a greater ROI on a tight budget, it’s the kind of investment that can save millions more down the line.