Cyber Security: Hand Waving Instead of Results?

October 9, 2019

Beta News published what DarkCyber views as a bit of an exposé. “Security Professionals Struggle to Measure Success within the Business” recycles information which appears to come from a services firm called Thycotic. (DarkCyber has not been able to locate the referenced report.)

Among the statements in the write up, DarkCyber noted these as particularly thought provoking:

  • “Nearly half (44 percent) [of those in the Thycotic sample] say their organization struggles to align security initiatives with the business’s overall goals”
  • “More [than] 35 percent aren’t clear what the business goals are”
  • “The most commonly used metric is to count the number of security breaches (56 percent) followed by the time taken to resolve a breach (51 percent). It appears, however, that these criteria may not be terribly useful.”
  • “Around two in five (39 percent) say they have no way of measuring what difference past security initiatives have made to the business.”
  • “36 percent agree it’s not a priority for them to measure security success once initiatives have been rolled out.”

These are interesting results. If an information unit cannot demonstrate that their security efforts are useful, budgets will be cut or staff rotated. Vendors will be sucked into this negative atmosphere.

Are cyber security vendors delivering solutions which work? Are customers able to use these products? Will executives lose confidence in their staff and vendors because security challenges continue to bedevil the organization?

The big question, however, remains:

Do the hundreds of vendors have solutions that are useful?

Paying invoices for hand waving can be an issue in some organizations. Well funded cyber security start ups might run into choppy waters after several years of smooth sailing and the support of investors who believe that nothing can derail new cyber security solutions.

Stephen E Arnold, October 9, 2019


Comments are closed.

  • Archives

  • Recent Posts

  • Meta