CyberTech 2020: Insights From Eli Migdal (Part 2)

 

Eli Migdal, our founder, attended CyberTech 2020 and came away from the event with lots of insights.

In this video, he discusses the complexity of the cybertech field and how to communicate it easily to decision-makers and board members.

“How can we really expect our boss, our decision-makers, to fully comprehend the complexity of cybersecurity, especially now in 2020?” 

He explains that even the cybersecurity community finds the field extremely complex. To keep on top of things, cybersecurity professionals must learn about new developments and keep a close eye on new threats, as well as being aware of all the regulatory changes. 

Cybersecurity professionals spend lots of resources on understanding the latest developments – both threats and solutions – by constantly reading, learning, and using proof of concept. 

And while so many resources go into understanding threats and developing adequate solutions quickly, there is also the issue of a big skill gap in the field, where there just aren’t enough cybersecurity professionals. 

“How can we explain this super complex problem which is also complicated for cybersecurity professionals?” asks Eli. How can cybersecurity professionals present the threats and solutions to the board of directors and decision-makers?

He gives an insightful answer: “We must simplify it; it’s our responsibility. This is what we are getting paid for.”

As cybersecurity professionals, the only way to truly communicate the impact to board members and decision-makers is to quantify the complexities of the cybersecurity field into financial figures. 

It’s simple, really: the board and decision-makers do not have the time to keep track of all the changes in the field, and they do not care about the complexities faced by cybersecurity professionals. What they do care about are the figures.

It is not the rate scores or complexity that helps them make a decision – it’s the financial impact. 

Simplify. Don’t complicate.


CyberTech 2020: Insights From Eli Migdal (Part 1)

Our founder Eli Migdal attended the CyberTech 2020 event. In this video, he discusses the biggest issue cybersecurity is facing right now – response times to new threats.

He explains that the issue isn’t a lack of solutions and that there are numerous vendors working on different solutions for the same problem. He further stated that he counted at least 15 cybertech companies that are working on solving fraud detection and breaches, which gives him the perfect opportunity to address a rather pressing issue – choosing the right solution.

“How can we quickly choose between them if there are so many solutions?”

Eli argues this is the tricky part of the cybersecurity business. There are different solutions that all work well for a particular issue, but which one is best? 

“As professionals, we still need to investigate those solutions.”

While a solution might sound good on paper, whether it’s the right choice becomes clearer after a proof of concept and evaluation.

This process of determining the best solution cannot be sped up, but the process that follows can be. The solution cybersecurity experts choose needs to be presented in front of the board of directors.

“We must make it quicker,” he says about the process of getting approval for the solution. It cannot wait, especially when there are so many threats to address and so many solutions to choose from.

He explains that the risk of security and breach issues can be mitigated greatly if organisations move quickly enough. This means that the decision-making process of the board “must be quicker than the bad guy’s”.

“We don’t have a technical solution problem […] the cybersecurity community can solve the majority of the problems; we just need to move quick enough.”

This means that we need to have the means to speed up decision-making. When our decision-making is quicker than the bad guy’s decision-making process, we’ll be able to address cybersecurity before it becomes an issue.

Measuring and Improving Cybersecurity ROI

The successful acceptance of new business investments—no matter whether it’s for sales, marketing, technology, or another area—is dependent on the return on investment (ROI). 

ROI is a key performance indicator that helps decision-makers determine whether their investments are sound or not.

For CISOs presenting new solutions to decision-makers, it’s next to impossible to talk about cybersecurity ROI without hard numbers to back it up. 

This is exactly why technology investments, and especially cybersecurity investments, are an issue. They do not generate revenue themselves but eliminate risk and potential costs. All businesses are aware they must invest in cybersecurity, yet many are reluctant to do so because it’s seen as ‘too expensive’: until now, cyber threats have been nearly impossible to quantify in real numbers.

When a company cannot see the financial damage that can happen under certain threats and what systems would be affected, it often won’t want to spend on solutions.

Such a stance leads to pushback on possible solutions and tools because they cost money but offer no way to measure ROI.

There are some posts that give pointers on maximizing cybersecurity ROI, but not one of them has a way to actually measure it and present numbers. 

 

  • How can a vendor selling cybersecurity solutions show their tool is worth investing in if there is no way to track performance? 
  • How can a CISO show the board why investing in solutions is the smart choice without speaking in a language they understand? 

 

Boardish quantifies cybersecurity threats. It helps show that solution costs are but a fraction of the actual threat risk by showing risk in a language decision-makers understand – financial impact. 

Cybersecurity ROI – An Example

For example, the proposed solution costs $10k (with implementation). To show that it’s worth it, any vendor or CISO would need to present how much the threat, such as ransomware infecting the systems, would cost.

Boardish can do that—it will present the cumulative cost of the threat—in this case, $100k—and how much the cost would be per specific segment, such as market loss, sales loss, regulation loss or salary loss.

Since a $10k cost for your security tool covers a threat that would cost $100k, there is a clear ROI to present to decision-makers.

But the best part is that vendors can present how successful the tool would be in mitigating the threat, and even how much exposure is left AFTER implementing the solution!

Quantify Threats & Measure Cybersecurity ROI (with actual figures) With Boardish! 

The Boardish Threat Protection Factor (TPF) methodology enables vendors and security specialists to present actual numbers and helps them measure and quantify ROI. Decision-makers will finally be able to decide on cybersecurity and tech business ventures the same way as with all others.  

5 Ways A CISO Can Improve Cybersecurity ROI

#1 Identify threats 

You need to know what threats present the largest risks to the company. It’s not feasible to spend money on the wrong tools because you don’t know the biggest threats. 

#2 Determine your risk appetite

See what risks you are willing to accept and tolerate, versus which ones the company would better mitigate with the most efficient tool.

#3 Ditch legacy solutions 

Perimeter controls and focus on external threats aren’t enough in times when new regulations dictate you pay millions in the event of a data leak or breach. Find solutions that will cover the most expensive threats that present a real risk and be PROACTIVE in your search for solutions.

#4 Implement solutions with best ROI 

The most expensive solutions are not necessarily the best ones—often companies will automatically look at the tools that cost the most and hope that means they will offer the best protection. Or they choose the cheapest option that provides virtually no protection at all.

Yet the effectiveness of a solution depends on many factors: the environment (on-premise or in the cloud?), company position, and current solutions. So focus on solutions that address specific needs. Make sure you’re calculating ROI effectively with Boardish.

#5 Be agile

The currently implemented solutions need to be continuously measured for efficiency, and the cybersecurity landscape needs to be followed to spot new threat trends. This is the only way to ensure the implemented tools are the best possible choice in terms of security and ROI.

Ultimately, measuring and improving your company’s cybersecurity ROI is reliant on understanding the figures. Quantify the risk, quantify the solution, and just like any other function, let the numbers do the talking! 
