When thinking about all of the individuals involved in managing risk and making security decisions in an organization, the person who has one of the toughest roles is the chief financial officer. For the majority of the C-suite, investing in security technology appears to be a relatively easy decision. However, the CFO has to balance the investment in security against a variety of other variables, including assessing the cost of managing cyber risk against all other costs of doing business.
According to a 451 Research report last year, “Given the 10 most recommended technologies and the pricing range, an organization could expect to spend anywhere from $225,000 to $1.46 million in its first year, including technology and staff.” Considering the costs related to security, it’s no wonder that the CFO might struggle a bit with investing in this part of the business, even if he or she is fully cognizant of existing threats and the need to protect the company’s assets.
In this slideshow, AlienVault, provider of unified security management solutions and crowd-sourced threat intelligence, will examine how CFOs can invest wisely in protecting their organization.
Do not assume your organization is invincible based on size
When determining what the balance of investment and staffing in security should be versus other business costs, CFOs should note that, like it or not, because cyber threats seem to be increasing in scale, scope and frequency, investing in security is not a decision that can be put off until next quarter or next year. According to a 2014 Symantec report, 30 percent of all targeted attacks in 2013 were aimed at businesses with 1-250 employees; that number goes up to 41 percent if you factor in attacks against businesses of 251-500 employees.
Know whether you have one or more security products in place
CFOs should determine if their company’s security team has one or more security products in place and figure out if those products are interacting with each other. This will give the CFO a comprehensive, high-level view of the IT infrastructure and the information each product is collecting to ensure technology is working in unison and there are no duplicate products carrying out the same function.
A unified approach to security is essential
Today, it isn’t just about having the best-in-breed solutions promising “security intelligence.” It is about achieving the higher intelligence that can come from the right combination of protective, detective and response controls all communicating with each other to provide a correlated view of what is happening across your company, and the guidance to address any security breaches or vulnerabilities. By unifying security controls that you already have in place or by insisting that any new security products are unified from the get-go, the organization will get a lot more out of the company’s existing investments because of the rich contextual threat data the unified controls will provide.
Determine how the company is monitoring, detecting and responding to threats
Understanding how the company monitors its security controls helps determine how long it takes to detect and respond to a threat. Having a system in place that provides continuous threat alerts and integrates threat data from other organizations and individuals is a cost-effective way to ensure your security team is equipped with the cyber intelligence needed to avoid a potentially costly incident or breach.
Challenge any big spend and understand exactly what your company will get in return for its precious dollars
It is a CFO’s job to challenge any big spend and figure out exactly what the company will get in return for its dollars. CFOs should ask questions of their IT team even if those questions repeat the ones the team will already be asking itself as it evaluates security products or services. This will help the company stay true to the decision criteria that should be employed before making a purchase decision.