THE CYBER METRIC THAT WORKS FOR CISOS AND THE BOARD
Balancing business needs as well as the
complex environment they are responsible for
is a constant challenge for modern CISOs. John
Titmus, Senior Director EMEA at CrowdStrike,
outlines the key metrics security teams should
be using to understand the evolving threat
landscape and associated organisation risks.
Forward-leaning organisations are by now well-educated around
the increasing severity and frequency of
cyberattacks. Controls have been
tightened, security platforms and teams
have been put in place and employees
have been briefed on tactics for
improved cyber hygiene. However, the
‘elephant in the room,’ which is often
unacknowledged, is that security teams
are still buckling under the sheer weight
of daily incidents and alert fatigue, with
a UK business suffering a cyberattack
every minute in early 2019.
Not only are security teams struggling,
but the CISO is becoming increasingly
stretched as the scope of their role
broadens and they have less time to
dedicate to understanding – even if
they can’t manage – every live threat in
their environment on an ongoing basis.
For today’s CISO, balancing business
needs and the complex environment
they are responsible for is a challenge to
overcome every day.
A robust cybersecurity strategy is a
must, but how can this be achieved in
practice and how can security teams
effectively alert the broader executive
layer to varying levels of threats to
inspire appropriate sponsorship and a
business response?
The answer lies in outlining and defining
the key metrics security teams should be
using to understand the evolving threat
landscape and associated organisational
risk: speed. Within this, there are two
metrics that must be understood in
order to beat the clock: breakout time
and the 1–10–60 metric that the whole
organisation can understand, utilise and
get behind.
Breakout time
The first valuable metric for CISOs
and their security teams to bolster
their cyber-response is breakout time.
This refers to the window of time from
when an adversary first compromises
a machine, to when they begin moving
laterally across the network from that
entry point. Speed is of the utmost
importance when stopping criminals
before they ‘break out’.
The CrowdStrike Global Threat Report
2019 was able to provide a granular
examination of breakout time by clocking
the average speed of major nation-
Issue 22 | www.intelligentciso.com