Finding the ROI in Threat Intelligence

Threat intelligence can play an important role in improving an organization’s overall cybersecurity posture, provided the right case is made and the right processes are put in place. In the past, I’ve addressed the topic of whether an organization should invest in a dedicated threat intelligence team or subscribe to a threat intelligence service. But once that decision is made, the work isn’t over, as whatever choice is made (in-house threat intel team or subscription service) still needs budgetary support from management. While the costs associated with these two approaches vary significantly, no matter if a cybersecurity budget is thousands or hundreds of thousands of dollars, ultimately, IT departments will need to prove to management that the cost associated with threat intelligence is worth the benefit it provides.

First, I’d like to address the idea that threat intelligence is a cost center (albeit one vital to protecting the organization’s reputation and viability) rather than an investment that could lead to a competitive advantage and improved bottom line. It’s an important distinction that needs to be understood by budget decision-makers, who may need some education as to the important role threat intelligence can play in increasing an organization’s productivity. Threat intelligence can greatly increase the number of cyberthreats a security team can identify, assess, contain and mitigate in a given period.

For example, if IT can show that the security team is able to prevent three times as many cyberthreats in the same time frame with the benefit of additional intelligence, the argument can be made that organizations are getting better leverage from their existing security staff and improving their productivity, versus simply spending more money. Viewed as an investment that could free up funds – and more importantly staff time – for future growth, management may look more favorably on authorizing budget for threat intelligence services.

Now, let us take this investment methodology another step forward. A recent survey from the Bureau of Labor Statistics by Peninsula Press found that there are over 209,000 unfilled cybersecurity jobs, with postings up 74 percent over the last five years. When considering how to deploy resources, you must focus on the cost and ability to actually fill your open roles, with the demand far outstripping the supply. Given this, I would guide organizations to find ways to automate workflows and augment their existing staff, versus looking to hire in order to fill gaps.

With the right threat intelligence in place, organizations can automate much of their cybersecurity response (provided the intelligence is properly integrated into an organization’s existing infrastructure). The reality is that many of today’s cyberthreats are a problem not because of their sophistication but rather because of their sheer numbers. Thanks to the ready availability of easy-to-use cyberattack tools on the dark web, the number of cyberattacks attempted each day has increased exponentially. And while most threats are relatively easy to resolve once identified, they still require attention from the security team that could be better spent looking for the attacks that an automated cybersecurity process might not spot as quickly as a human security analyst. Offloading less sophisticated attacks, and letting them be handled by a combination of a threat intelligence service and automated cybersecurity controls, frees up the security team to focus more of their time on more advanced – and potentially more destructive – cyberattacks. 

Another factor IT teams should consider as they work to justify the ROI in a threat intelligence team or subscription is how well it can be integrated into an existing security infrastructure. The ability for a network to automate the bulk of its cybersecurity measures is no small feat and will require significant work to ensure incoming threats don’t slip through cracks in an improperly configured network security platform. Nothing does more to undermine the perceived value of a threat intelligence resource than to have it perform improperly; management will become frustrated paying for an expensive resource that isn’t delivering all the benefits that the security team promised it would.

Threat intelligence is quickly becoming a must-have for any cybersecurity strategy. By ensuring they can explain the benefits a threat intelligence team or subscription can provide in terms that management can understand (productivity gains and ROI), IT departments can better position themselves to obtain the budget support they need to leverage this important tool to better protect their organization’s online presence.
