The New Cyber-Pragmatism

Focusing on Breach Prevention Alone Is an Obsolete Strategy

Organizations know they can't keep all cyberattackers out. Gone are the days when enterprises spent more than three-fourths of their IT security budgets on preventive initiatives, according to Anderson Research. Instead, as cyberattacks continue to skyrocket, portfolio managers are prioritizing detection and response efforts, according to a 2017 Gartner report. Overall spending on cybersecurity projects will jump from US$90 billion in 2017 to US$113 billion by 2020, the research organization says.

“The strategy of defense and prevention is still used, but we're also augmenting it with detection and response at a different layer,” says John Petrie, chief information security officer (CISO), NTT Security, San Antonio, Texas, USA. “And, as technology advances, companies are investing in more advanced detection and response capabilities to shore up and improve this layer.” He points to machine learning and artificial intelligence capabilities as two tech areas that are rapidly moving the needle on detection initiatives.

This organizational change also means a shift in IT portfolios. It's not just which projects get the green light, but also which metrics define project success and how benefits are measured. In the past, any breach was enough to deem a project a security failure. But now, a project might be judged not for how airtight it is, but for how little damage is done during a breach.

Overall spending on cybersecurity projects will jump from US$90 billion in 2017 to US$113 billion by 2020.

Source: Gartner

image

“The strategy of defense and prevention is still used, but we're also augmenting it with detection and response.”

—John Petrie, NTT Security, San Antonio, Texas, USA

A lock screen from a cyberattack warns that data files have been encrypted.

image

BLOOMBERG PHOTO VIA GETTY IMAGES

“CISOs are keen to communicate the return on investment of their security strategy in terms of the business value associated with quick damage limitation, in addition to threat prevention and blocking,” research director Lawrence Pingree noted in the Gartner report.

According to a 2017 PwC report, the next frontier will be an uptick in collaboration across organizations—a process of sharing real-time threat intelligence with business peers, industry groups and government agencies. Because when data pirates seem to be lurking around every corner, businesses may find there's better safety in numbers. —Kate Rockwood

Advertisement

Advertisement

Related Content

  • Project Management Journal

    Narratives of Project Risk Management member content locked

    By Green, Stuart D. | Dikmen, Irem The dominant narrative of project risk management pays homage to scientific rationality while conceptualizing risk as objective fact.

  • Thought Leadership Series

    El éxito de las PMO en Latinoamérica member content open

    Los proyectos en América Latina se encuentran en un punto crucial. En toda la región, desde la infraestructura hasta las finanzas, desde la TI hasta el desarrollo sostenible, las organizaciones…

  • Thought Leadership Series

    O sucesso do EGP na América Latina member content open

    Os projetos na América Latina estão em um ponto crucial. Em toda a região, da infraestrutura às finanças, da TI ao desenvolvimento sustentável, as organizações estão implantando iniciativas para…

  • PMI White Paper

    Agile Regulation member content open

    By National Academy of Public Admiistration | PMI The National Academy of Public Administration recently presented the results of a year-long effort to identify the Grand Challenges in Public Administration.

  • Project Management Journal

    Identifying Subjective Perspectives on Managing Underground Risks at Schiphol Airport member content locked

    By Biersteker, Erwin | van Marrewijk, Alfons | Koppenjan, Joop Drawing on Renn’s model and following a Q methodology, we identify four risk management approaches among asset managers and project managers working at the Dutch Schiphol Airport.

Advertisement