JUN. 20, 2018

What can cybersecurity learn from economics? Some might recognize the current skills gap as a product of demand outstripping supply. This is great news for the computer science major hoping to capitalize on years behind the keyboard. Less so for the chief information security officer (CISO) whose budget may not allow for extravagances like hiring a fully-staffed team. Another economic lesson deals with the so-called law of diminishing returns.

Simply put, the impact of an investment increases up to a point, at which it will tend to level off or even decrease over time. For years, cybersecurity practitioners have had to contend with diminishing returns on investments in hardware and software. To complicate matters, some security investments can not only yield less of a return over time, they can complicate operations and even reduce security overall. In response, many companies have turned to managed security services (MSS) to ensure they are getting the most for their money.

Drowning in Data

Given the enormous breadth of cybersecurity products and services that exist today, it seems quaint to think back 30 years to the release of the first commercial antivirus software. Since then, wave after wave of solutions have hit the market. This includes firewalls, intrusion detection systems (IDSs), intrusion prevention systems (IPSs), security information and event management (SIEM) platforms, secure email gateway (SEG) appliances, and of course ever more robust versions of antimalware and antivirus software, generally referred to as endpoint detection suites.

The swelling commercial markets have created two major problems for CISOs. First is a “keeping up with the Joneses” mentality. This is as prudent as it is an aim at due diligence by “buying what Jones has”. In the event of a breach, heaven help the one CISO in the industry who did not implement at least the same security measures as his or her neighbors and competitors. The second problem is far more insidious and speaks directly to difficulties presented by diminishing returns. With so much technology comes ever-increasing complexity. In addition to requiring individual strategic, policy, network and compatibility considerations, firewalls, IDSs, IPSs, SIEMs, SEGs, and endpoint solutions all generate massive amounts of data. This includes raw activity feeds, log files, alerts, and notifications.

This article was originally posted by IT Briefcase.  Click here to read the full article on their site.