Cyber situational awareness: It just makes cents
May 9, 2016
For organizations that are looking to secure their online presence, there is no shortage of products on offer. Research tools, threat intelligence, social media monitoring, data loss, and dark web monitoring all provide different elements of this. However, demonstrating a return on investment (ROI) is often a headache for cybersecurity professionals. After all, how can you assign a cost to something that never happened?
The type of ROI an organization might expect to see varies depending on the incident type – be it brand protection, data leakage, or a cyber threat. Gaining early indications and greater context of TTPs is hugely valuable for organizations. Are you currently being extorted? Just imagine having access to a trove of intelligence that informs you of their tactics, techniques and procedures. Armed with this information, organizations can make much better and informed decisions that can avoid costly events.
In this blog, however, I wanted to refer to one specific use-case – brand protection. Let’s take the case of a luxury retailer that identifies a domain selling replica products. In this example, due to the high value of the goods, the organization passes the details of the fraudulent sales to an internal intellectual property fraud investigations team. This team conducts further research on products being advertised, the source and site ownership. When determined, these details are then passed on to local law enforcement, which conduct investigations and track the associated accounts. The payment account is then suspended or seized and the money is frozen. Finally – and crucially – an assessment is conducted into how much money the site may have gained and a proportional payment is awarded from the payment account to the organization. For high-value retailers, this can be several tens of thousands of dollars.
While there are many unquantifiable returns associated with greater cyber situational awareness, such as greater customer confidence and assurance, there are also calculable cost savings and returns. Armed with this greater awareness, organizations can identify incidents quicker, receive more accurate alerts and, ultimately, free up resources so that cybersecurity professionals can concentrate on their day-to-day job of keeping the ship afloat.