With rapidly growing security needs and respective budgets, it is now more essential than ever for security decision-makers to zoom out of the 'products' mindset and assess their security stack in light of the overall breach protection value that their investments return.
The 2020 State of Breach Protection Survey (click here to participate) attempts to map out for the first time how breach protection is practiced and maintained globally – what are the common products, services, concerns, and challenges that are most common amongst organizations.
Any security professional filling the anonymous salary survey questionnaire, organised by The Hacker News in partnership with Cynet, will get a free copy of the survey report once it is released in January 2020. You can complete the questionnaire here.
Why is that important? Because unlike 'endpoint protection,' or 'next-generation firewall,' breach protection is not a strictly defined category and most chances are that – again, unlike these previous two examples – there is no budget in your organization that's designated for 'breach protection,' even while this is the ultimate goal of all your cybersecurity investments.
Changing from security products to breach-protection oriented mindset is essential to break away from the comfort zone of the known and currently practiced security in an organization, pushing you to ask the really hard questions continuously.
The hard questions are not whether the SIEM operates adequately or whether the EPP was successfully deployed across all endpoints in your environment, but rather – is my environment truly secured despite the products, workforce, and service providers I engage? And if not, what can I do about it?
And the best place to start is to get firm and fact-based insights into what others are doing. We all face the same attacks and need to confront them within a pool of available resources. That makes crowd-sourcing this knowledge an extremely powerful tool.
Going straight to the point – what's in it for you by filling the survey? For the most part, you will be benchmarking your variation of breach protection with a comparison set which is far wider than your standard cycles. Let's assume that your interpretation of breach protection includes, for example, EDR on your endpoints, CASB for your SaaS apps with both streaming alerts to a cloud-based SIEM, and engaging a 3rd party MSSP for incident response and investigation.
Is that a common model? If not, what is and how might it impact your onward decision making? Gaining robust knowledge on how your role and industry peers handle challenges similar to yours can provide you with new perspectives.
From a different angle – what do you perceive as your greatest challenge? Is it recruiting a skilled security team? Or perhaps capturing the management mindset to approve the budgets for all the products and services your environment requires? The best supporting evidence to a budgetary claim is showing how the request is on par with the industry standards.
So it's a win-win. Complete the survey and do a valuable service, both to yourself and to the wider community of security decision-makers.
Participate in the 2020 State of Breach Protection Survey here.