Intelligent CISO Issue 45 - Page 74

We’re seeing an arms race between attackers and defenders, and attackers are winning.


We’ve never been more connected. We’ve also never been more under threat from malicious actors seeking to do us harm. If you’re looking to enhance your protection from cyberattacks in today’s interconnected world, but you’re concerned about whether you can budget for the investment required, Thomas Cartlidge, Head of Threat Intelligence at Six Degrees, can offer five best practices for maximising security on a tight budget.

It’s a dangerous cyber world out there. According to IBM, the average cost of a data breach in 2021 was US$4.21 million globally. In addition to the financial implications, organisations also risk regulatory fines, reduced consumer trust and potential legal ramifications in the event of a data breach resulting from a successful cyberattack. Fortunately, these risks can be mitigated with effective cybersecurity measures.

Here, we take a look at five best practices organisations can deploy in order to maximise security on a tight budget.

Spend doesn’t always equal success

One crucial factor in ensuring strong cybersecurity is budgeting. This can be challenging, particularly if you don’t understand the threat landscape and your organisation’s vulnerabilities. Bear in mind that more investment doesn’t necessarily amount to better cybersecurity – in fact, only 36% of UK companies are confident that they’re getting the best value from their investment.

Mapping your cybersecurity strategy against potential threats is critical; here are some of the best practices you should consider adopting.

1. Establish your risk appetite

In today’s world, one thing is clear – it’s impossible to eliminate or avoid risk altogether. With this realisation, it’s vital to establish your risk appetite – the amount of risk your organisation is willing to accept to achieve long-term strategic security objectives. Your risk appetite acts as an anchor point for prioritising cybersecurity investments. As such, an effective risk appetite should be:
• Strategic
• Risk-focused
• Tailored
• Actionable
• Measurable

Your risk appetite should help provide clear-cut objectives to help your organisation reduce its risk profile. This will require a comprehensive review of your cyber posture to understand your vulnerabilities, areas for improvement and best practices to implement. This process should be continuous.

You also need to consider operational risks. This allows you to plan for both manageable and unforeseen risks. The security landscape is continuously evolving, with new actors and threats constantly joining the scene. You need to be agile and flexible to fight unknown risks, and the right level of risk appetite can help you do just that.

2. Spend in the right areas

For most organisations, the cybersecurity budget is a percentage of the IT budget, often varying from 5% to 20%. While this helps to account for spending, it can be limiting, especially when tackling unprecedented threats. Instead, organisations should adopt a targeted spending approach for an effective cybersecurity strategy.
