IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image
Increase cyber effectiveness and innovation through operationalisation
Thu, 19th Oct 2023

Cyber security operationalisation will increasingly become a core focus for CISOs as organisations seek to drive greater efficiencies, and for many cyber teams, it's likely much needed.

In recent years, the proliferation of cyber security solutions sitting within businesses has grown exponentially. Much of it is driven by the dramatic rise in cyber threats and increased risks that need to be managed because of greater digitalisation and cloud adoption.

Recently, budgets were extremely forthcoming as organisations plugged gaps in their defences at almost any cost. As a result, and depending on which research you read, most large enterprises now have around 50 or more cyber solutions implemented across their business — some even have upwards of 100. Yet the irony is that according to research from the Ponemon Institute, enterprises that deploy more than 50 tools ranked themselves 8% lower in their ability to detect threats and seven per cent lower in their defensive capabilities than other companies employing fewer toolsets.

For security teams drowning in the day-to-day of keeping their organisation secure, the responsibility of remaining on top of multiple vendor solutions is painfully complex. But thankfully, times are changing.

A recent decrease in cyber spending is stemming from greater caution due to global economic challenges. Consequently, it's vital for CISOs to show both cyber effectiveness and efficiency, and whilst having the best solutions is desirable, managing costs within budget is becoming a priority. However, rationalising solutions is likely not the foremost concern on a CISO's mind, especially if those solutions work and the security team is familiar with them.

There's also the question of ensuring the cyber security posture built over the years isn't lost in the pursuit of managing cost. After all, what's the point of consolidating solutions to make bottom-line savings if replacements fail to do their job properly?

Opportunity to Innovate
Managing this balance between budgets and ensuring your organisation is properly protected with the right cyber solutions is challenging, particularly when the current economic climate calls for prudence. But is it a chance to innovate?

Consolidation and a focus on generating greater efficiencies force a different mindset, one that may help you radically reconsider your organisation's overall cyber approach. Instead of reacting to whatever the world throws at you, cyber security operationalisation enables an integrated approach to managing all aspects of your cyber risk, both holistically and efficiently. It offers the chance to be proactive in your overall risk management strategy to address both internal and external cyber threats and respond more effectively.

This not only benefits your organisation but can help elevate your own CISO role by increasing your understanding of what's critical to the business, i.e., the ​​data that's most important to protect, where it resides, and who has access to it. This greater level of insight can also serve to help increase your own standing and change the dynamics of cyber conversations from cost centre to critical value enabler.

Driving Effectiveness
We've already seen that as the number of cyber tools increases, the effectiveness of organisations to detect threats and stay secure decreases. Thus, cyber operationalisation provides a platform to achieve greater effectiveness and opportunities for further consolidation across the cyber stack, from measurement and processes through to automation and culture. The foundations of cyber security operationalisation offer the perfect platform to both innovate and increase effectiveness.

This can also include changes in how you deliver technology to your business, e.g., on premise to software as a service, managed service or as part of a cyber security 'platform' of solutions. Consolidating the volume of cyber solutions (and vendors) can also result in deeper, more strategic partnerships, stronger collaboration, and increased contract value. This can help not only negate stranded assets challenges but dramatically reduce the overall management of solutions through fewer suppliers.

The cybersecurity landscape is evolving rapidly, and CISOs are facing the dual challenge of safeguarding their organisations while navigating constrained budgets. While the temptation to accumulate a multitude of cybersecurity tools may have been prevalent in the past, now is the time for a paradigm shift.

Cybersecurity operationalisation offers the means to not only rationalise your cyber environment but to do so with a keen eye on efficacy and efficiency. It provides an opportunity to innovate, reevaluate your organisation's holistic approach to cyber risk, and to elevate the CISO role from a cost centre to a critical value enabler. By consolidating solutions, fostering deeper partnerships, and driving a culture of effectiveness, cyber operationalisation can lead the way in securing our digital future while ensuring fiscal responsibility.