“Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat.” – Sun Tzu
I was in a meeting recently discussing a client’s approach to cloud security when the client astutely pointed out that organisations should be focussing on their business strategy first and then using technology – be it cloud-based or otherwise – to achieve it. I agreed, also pointing out the importance of security being regarded as a critical enabler of any digital business initiative. (See our previous blog post for some insights into security as a business enabler.)
Spend vs Return
When it comes to cyber security, it’s a fact of life that there will always be a ‘flavour of the month’, be it cloud security, digital transformation or my own personal favourites at the moment: machine learning and artificial intelligence. You only need to look at some of the more prevalent hype cycles to understand the noise that Sun Tzu refers to in his famous quote!
One of the biggest challenges in setting out your business strategy undoubtedly begins with budget – specifically how to allocate it wisely. And this couldn’t be more relevant in relation to cyber security. It’s no coincidence that security spending is on the rise, year after year, when its profile has never been higher.
In fact, worldwide spending on information security products and services will reach more than $114 billion in 2018, an increase of 12.4 percent from last year, according to the latest forecast from Gartner, Inc. In 2019, the market is forecast to grow 8.7 percent to $124 billion.
So, how do I ensure I’m maximising my investment?
This is a question we’re often asked by our clients. Here are some insights from the Digital Resilience team to help you spend your security budget in a cost-effective manner:
Security Capability Maturity Assessment
In assessing cyber security, it’s important to consider the controls and capabilities your business needs, given the nature of the industry, your business objectives, regulatory landscape, and risk profile. Rather than spending indiscriminately, this will guide you towards addressing your key business risks appropriately.
Avoid Snake Oil!
Every year brings new must-haves being touted by vendors as the ‘next great solution’ to your security woes. But before investing in the latest technology, make sure you’re addressing the basics. That means addressing many of the elements of good cyber hygiene such as patching, access control, auditing and monitoring. As long as the basics are not in good shape, this is where any increased spending should be allocated first.