Making the Case for a Threat Intelligence Platform | Anomali

Cyber Risks

As the cyber threat landscape rapidly becomes more complex, the risk of breaches increases. The potential for severe financial loss, reputational damage, and non-compliance with regulations drives companies to invest in threat intelligence platforms.

Threat Intelligence Platforms 

Threat intelligence platforms (TIPs) are critical security tools that use global intelligence data to help proactively identify, mitigate, and remediate security risks. A TIP pulls together key cyber threat defense functions, creating a holistic threat intelligence system. Some of the key benefits are operationalizing data gathering, processing data into intelligence, integrating information from various sources, streamlining the intelligence cycle, and navigating the threat landscape better.

While this tool has obvious advantages to security professionals, making the business case to invest in a TIP can be a challenge.

Making the Business Case for a TIP

Speaking in a Language Management Understands

The case needs to be made from management's perspective to justify the investment in a TIP. Start by mapping security objectives to management objectives, understanding the business risks that concern management as opposed to cyber threats in general, and quantifying the return on investment.

Interviewing the heads of key intelligence stakeholders throughout the organization is a good way of gaining the insight needed to understand the business and how it is affected by cybersecurity. This communication can also create the trust that the security teams are working for them and their goals. 

Communication style is also essential. Security terms that are part of the everyday vocabulary of SOC analysts and threat intelligence teams may not be readily understandable by those in other functional areas. More technical language should be translated into basic concepts, and information should be contextualized to resonate with the audience.

Visual mapping and use cases can be persuasive communication techniques. Visual mapping of the relationships between intelligence stakeholders can describe solutions in a way that transcends security terminology. Use cases from your own company or others in similar industries are an effective way of giving real-world context to a TIP implementation.

Threat Intelligence Platform Return on Investment

The bottom line for any investment is the quantifiable return it will have for the company. Cost savings are the most obvious contribution that threat intelligence tools can make to an organization. However, revenue generation can also be a significant payback of operationalized threat intelligence. Regulatory compliance can also contribute to a positive ROI.

TIP Cost Reductions

The cost of a devastating data breach is always top of mind for a company. Investing in a TIP that minimizes financial risk can be justified by focusing on relevant threats. Depending on the industry, the pure financial losses can be enormous. Breaches like those at Home Depot and Target have run into tens of millions of dollars. Potential direct operational fees for legal and forensic services, consultants, and customer care are most easily quantified. Harder to quantify but potentially just as costly are loss of brand equity and reputational damage.

Better utilization of assets is also a significant contribution to cost reductions. Automation of data gathering, processing, and intelligence reporting saves threat intelligence analysts' time, freeing them for more strategic threat hunting, etc. A TIP can also eliminate the need for additional headcount and reduce time spent on chasing false positives. By replacing unnecessary security tools with a TIP that functions more effectively, you can further reduce costs.

TIP Revenue Generation

While cost reductions are a more typical contributor to calculating the ROI of a TIP, revenue generation also comes into play. Preventing breaches is key to customer retention and the continuation of market growth. The fallout from an attack can do severe damage to a company's trustworthiness to current and potential customers. Beyond customers' trust, malicious activity can also affect vendors, suppliers, and other partners and disrupt the supply chain.

Employing a TIP can also be a competitive advantage for certain types of companies. In reviewing bids for contracts, it is becoming more common for the prospective client to consider a supplier's threat intelligence operations and security defenses as critical criteria. If the program does not seem robust enough, it could be a deal-breaker.

TIP Metrics

Quantifying the contribution of a TIP can be tricky. It helps to organize metrics into operational, tactical, and strategic categories. Operational metrics cover the speed and efficiency of analytical work, while tactical measurements focus on the efficacy or quality of the analyses (e.g., false positives and negatives). Strategic metrics score the performance of the threat investigation process in how well it meets financial and business objectives. This would entail quantifying cyber risk exposure or value at risk (VaR), or the ability of your program to minimize the likelihood of a damaging event or to mitigate the damage if a breach occurs.

Regulatory Requirements, Justification for a TIP

Regulatory or industry compliance requirements are another strong justification for implementing a TIP. Especially in tightly regulated industries like finance and pharmaceuticals, a program that effectively monitors the company's online presence and intelligence from external sources can increase compliance, lower the risk of fines, and minimize time spent with regulators and audits. A TIP can even serve as a type of regulatory 'insurance' by reducing penalties in the case of a breach.

Watch the webinar, Making the Case for a Threat Intelligence Platform - Featuring Frost & Sullivan, to learn how a threat intelligence program can give your organization the upper hand against cybercriminals.
