A recent shift in guidance regarding allocated spending on security breaches from select industry experts and “think tank” organizations left me dumbfounded. Said experts recommend organizations accept a data breach is inevitable and therefore reduce spending in preventative technologies in favor of incident response solutions which help detect and respond to a breach that has already occurred. To help me regain my intellectual peace, I returned to my one true place of academic sanctuary – my math books.
Given the nature of work we do at Digital Defense Inc. (DDI), we understand the prevalence of breaches across industries, and current research provides astonishing statistics that support our belief that these breaches are occurring with increased frequency.
Security industry analysts and influencers have suddenly changed their tune and are now suggesting organizations spend more on cyber security incident response solutions, even if it requires reduced spending on preventative solutions. If you are like me, you may be questioning why this is happening. Don’t organizations employ security defense mechanisms to prevent this? What can organizations do to avoid such an event? Is prevention delaying the inevitable and should organizations focus more on detecting the breach and responding to it, as opposed to investing in technologies and processes which prevent it from occurring?
I’ve recently published a white paper, “Does Root Cause Analysis Support Guidance by Experts to shift Spending? Doing the Math: Lessons learned from the JPMorgan Chase & Anthem Security Breaches,” in which I answer the above questions by exploring the landscape and causes of previous data breaches. Risk insight is provided by turning to the study of probabilities and mathematics. I explore the probability of a data breach and examine its dependent variables. With these variables and how they affect the probability of a data breach, I investigate preventive and incident response solutions, how these should be balanced within the context of the math and their effect on the likelihood of a data breach. My mantra is “it’s all about the math.” With a better understanding of risk, I explore several defense strategies which have been proven to directly alleviate the root causes of the data breaches.
I invite you to download the white paper and share with me your feedback.