Endpoint Security

Changing the Economics of Cybersecurity

It’s almost a cliche to talk about how often breaches occur: in 2015 alone, we’ve seen high-profile breaches at everyone from Anthem to the popular work collaboration tool Slack, and even the federal government, thanks to the recent US Office of Personnel Management attack. While many organizations are implementing security solutions to avoid becoming the next headline, there’s a fundamental math problem with the money they are investing: while organizations may think their ROI is pretty good, the ROI for criminals is even better, giving criminals more incentive to work their hardest to break into an enterprise network.

IT organizations can spend millions trying to protect the network perimeter from attackers, yet attackers will still breach defenses, leaving companies vulnerable to data loss or worse. And attackers will keep trying, because the success rate of attacks is high. Hackers might only have to spend a little bit of money and a week or two to worm their way inside a Fortune 500 network. One hacker can write an exploit that will open the digital doors of millions of corporate systems, spilling out data and resources of untold value. The exploits are easily passed around in the underground so the threats to corporations are exponential. And the attacks can be as easy as sending a carefully crafted phishing email to a top-level executive; the effort for attackers is minimal and the payback is huge. Meanwhile, IT departments are spending more and more money trying to keep hackers out, with minimal success. Which brings me to an uncomfortable point:

Clearly, the economics of security are not in the enterprise’s favor. Let’s look at the numbers: Organizations will spend a staggering $77 billion on security in 2015, with growth forecasted at 8 percent. In addition, trying to protect your network edge from incentivized attackers takes a toll in both money and time. Businesses spend an average of $1.27 million annually responding to false alerts, and they waste 395 people-hours each week thanks to faulty intelligence and alerts.

You’d think that with this kind of money being spent on security, breaches would be just about non-existent. However, this isn’t the case: Breaches have actually gone up dramatically in the past three years, and more than 97 percent of enterprises have been breached. At a per-breach average cost of $6.5 million in the US, even just a few breaches add up and one strategic one can put a company out of business.

To change these lopsided economics so they shift the balance in favor of effective security for businesses, companies need to find a way to make it more difficult and costly for attackers to try to breach defenses – reducing the potential attack surface so it’s tougher to break in. When you make it harder for attackers to gain entry, they tend to move on to easier targets. It’s the “outrun the lambs, not the wolves” approach. You need to narrow your focus on what to protect and when, instead of trying to shield your entire network from attack. How do you do that?

Changing the Economics of Security Starts and Ends at the Endpoint

In my opinion, the answer rests in thwarting threats to the endpoint. Why? The endpoint poses far and away the greatest risks to a business. More than 70% of threats come into businesses this way, thanks to the combined power of the mobile and cloud revolutions. Now that employees spend a good part of the day working from home, hotels and cafes, corporate data no longer remains safely within the corporate network. The network perimeter has evaporated, causing enterprises to lose control of where data is hosted and where it is accessed, leaving them exposed to bad actors.

The endpoint problem is compounded by the fact that a single bug in the tens of millions of lines of code in an operating system or application – combined with an unguarded click by an unsuspecting employee – can put an enterprise at risk.

Halting attacks at endpoints reduces the attack surface and deters criminals. As it eliminates opportunities for attack, it helps enterprises avoid potentially catastrophic losses. The economic balance therefore shifts in favor of the enterprise – and attackers lose incentive to make your enterprise the focus of their exploits.

While data breaches aren’t going away anytime soon, every company has a choice of how they prepare for them. By focusing on the endpoint, businesses can better secure themselves with less cost and less time expended by the IT team. And what about those lambs and wolves at your doorstep? They’ll eventually get tired of knocking and move down the line to companies far less equipped to combat their advances.
