The New Economics Of Cybersecurity Risk
Juniper's Paul on RAND study and getting better security ROI
Cost-effective security is the Holy Grail every practitioner hankers after - and few find. There are just too many variables in today's environment for the cost of cybersecurity risk, or security return on investment, to be ascertained only quantitatively, based on either the number of records compromised or the number of attacks thwarted.
So what are some of the economic drivers that determine how much bang for your buck your security investments are giving you? [See Articulating Security's Business Value]
A new report released by policy think tank RAND Corporation, commissioned by Juniper Networks, comes up with some interesting data points. Titled The Defender's Dilemma: Charting a Course Toward Cybersecurity, the study analyzes challenges practitioners face in effectively managing security investments in ways that give them better ROI - and peace of mind.
"Practitioners need a way to better understand the variables that most influence the cost of managing cybersecurity risk holistically and the different decisions they can make to tip the balance in their favor," says Sajan Paul, Director for systems engineering and technology consulting, India & SAARC, for Juniper Networks. "Defenders need to start running security as a business within their organizations to get the best ROI."
Last year Juniper commissioned another study on the cybercriminal underground, looking at markets for cybercrime tools and stolen data. This is the second part of that study, looking at the new economics of defense.
Some of the ideas proposed in the study include a new heuristics-based economic model for determining cybersecurity risks and making the right investments from an organization's budget to get the most efficient security posture. The study finds that in spite of investing the better part of their budgets on the best tools, organizations remain vulnerable. This is because most security investments tend to have a half-life, Paul says.
"You need to prioritize investment that cannot be negated by attackers in the future by developing countermeasures. If you don't, you will always be trying to play catch-up, upgrading tools that become redundant quickly," he says.
In this exclusive interview with Information Security Media Group, Sajan Paul discusses the key findings from the RAND report around the new economics of defense, exploring how practitioners can pick where to park their budgets to get the best security in return. He discusses:
- The objective of the study and the trends it addresses;
- The key findings and insights;
- Recommendations for tailoring investments for best security ROI.
Paul is the director for systems engineering and technology consulting for Juniper Networks in India and the SAARC region, covering both enterprise and service provider verticals. Paul has been an integral part of the telecom and networking industry for over 20 years in various capacities from design, driving technology directions and managing solution focus across many telecom companies in his career. In his current role, he drives strategic solution initiatives and technology architectures which uniquely help organizations build their next generation network infrastructure.