Key Insights From Cybersecurity Analysis

"𝘞𝘦 𝘤𝘢𝘯'𝘵 𝘢𝘱𝘱𝘳𝘰𝘷𝘦 𝘵𝘩𝘪𝘴 𝘤𝘺𝘣𝘦𝘳𝘴𝘦𝘤𝘶𝘳𝘪𝘵𝘺 𝘣𝘶𝘥𝘨𝘦𝘵 𝘸𝘪𝘵𝘩𝘰𝘶𝘵 𝘶𝘯𝘥𝘦𝘳𝘴𝘵𝘢𝘯𝘥𝘪𝘯𝘨 𝘵𝘩𝘦 𝘙𝘖𝘐." The CFO's request was reasonable but revealed a fundamental disconnect in how organizations evaluate security investments: conventional financial metrics don't apply to risk mitigation. 𝗧𝗵𝗲 𝗖𝗵𝗮𝗹𝗹𝗲𝗻𝗴𝗲: 𝗠𝗮𝗸𝗶𝗻𝗴 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗧𝗮𝗻𝗴𝗶𝗯𝗹𝗲 Traditional security justifications relied on fear-based narratives and compliance checkboxes. Neither approach satisfied our financially rigorous executive team. Our breakthrough came through implementing a risk quantification framework that translated complex security concepts into financial terms executives could evaluate alongside other business investments. 𝗧𝗵𝗲 𝗠𝗲𝘁𝗵𝗼𝗱𝗼𝗹𝗼𝗴𝘆: 𝗤𝘂𝗮𝗻𝘁𝗶𝗳𝘆𝗶𝗻𝗴 𝗥𝗶𝘀𝗸 𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲  𝟭. 𝗕𝗮𝘀𝗲𝗹𝗶𝗻𝗲 𝗥𝗶𝘀𝗸 𝗖𝗮𝗹𝗰𝘂𝗹𝗮𝘁𝗶𝗼𝗻: We established our annual loss exposure by mapping threats to business capabilities and quantifying potential impacts through a structured valuation model.  𝟮. 𝗖𝗼𝗻𝘁𝗿𝗼𝗹 𝗘𝗳𝗳𝗲𝗰𝘁𝗶𝘃𝗲𝗻𝗲𝘀𝘀 𝗦𝗰𝗼𝗿𝗶𝗻𝗴: We created an objective framework to measure how effectively each security control reduced specific risks, producing an "effectiveness quotient" for our entire security portfolio.  𝟯. 𝗘𝗳𝗳𝗶𝗰𝗶𝗲𝗻𝗰𝘆 𝗙𝗮𝗰𝘁𝗼𝗿 𝗔𝗻𝗮𝗹𝘆𝘀𝗶𝘀: We analyzed the relationship between control spending and risk reduction, identifying high-efficiency vs. low-efficiency security investments. 𝗧𝗵𝗲 𝗥𝗲𝘀𝘂𝗹𝘁𝘀: 𝗧𝗮𝗿𝗴𝗲𝘁𝗲𝗱 𝗥𝗶𝘀𝗸 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁  • Our IAM investments delivered the highest risk reduction per dollar spent (3.4x more efficient than endpoint security)  • 22% of our security budget was allocated to controls addressing negligible business risks  • Several critical risks remained under-protected despite significant overall spending 𝗞𝗲𝘆 𝗟𝗲𝘀𝘀𝗼𝗻𝘀 𝗶𝗻 𝗥𝗶𝘀𝗸 𝗤𝘂𝗮𝗻𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻  𝟭. 𝗦𝗵𝗶𝗳𝘁 𝗳𝗿𝗼𝗺 𝗯𝗶𝗻𝗮𝗿𝘆 𝘁𝗼 𝗽𝗿𝗼𝗯𝗮𝗯𝗶𝗹𝗶𝘀𝘁𝗶𝗰 𝘁𝗵𝗶𝗻𝗸𝗶𝗻𝗴: Security isn't about being "secure" or "vulnerable"—it's about managing probability and impact systematically.  𝟮. 𝗖𝗼𝗻𝗻𝗲𝗰𝘁 𝗰𝗼𝗻𝘁𝗿𝗼𝗹𝘀 𝘁𝗼 𝗯𝘂𝘀𝗶𝗻𝗲𝘀𝘀 𝗼𝘂𝘁𝗰𝗼𝗺𝗲𝘀: Each security control must clearly link to specific business risks and have quantifiable impacts.  𝟯. 𝗖𝗵𝗮𝗹𝗹𝗲𝗻𝗴𝗲 𝗰𝗵𝗲𝗿𝗶𝘀𝗵𝗲𝗱 𝗮𝘀𝘀𝘂𝗺𝗽𝘁𝗶𝗼𝗻𝘀: Our analysis revealed that several long-standing "essential" security investments delivered minimal risk reduction. By reallocating resources based on these findings, we:  • Reduced overall cybersecurity spending by $9M annually  • Improved our quantified risk protection by 22%  • Provided clear financial justification for every security investment 𝐷𝑖𝑠𝑐𝑙𝑎𝑖𝑚𝑒𝑟: 𝑉𝑖𝑒𝑤𝑠 𝑒𝑥𝑝𝑟𝑒𝑠𝑠𝑒𝑑 𝑎𝑟𝑒 𝑝𝑒𝑟𝑠𝑜𝑛𝑎𝑙 𝑎𝑛𝑑 𝑑𝑜𝑛'𝑡 𝑟𝑒𝑝𝑟𝑒𝑠𝑒𝑛𝑡 𝑚𝑦 𝑒𝑚𝑝𝑙𝑜𝑦𝑒𝑟𝑠. 𝑇ℎ𝑒 𝑚𝑒𝑛𝑡𝑖𝑜𝑛𝑒𝑑 𝑏𝑟𝑎𝑛𝑑𝑠 𝑏𝑒𝑙𝑜𝑛𝑔 𝑡𝑜 𝑡ℎ𝑒𝑖𝑟 𝑟𝑒𝑠𝑝𝑒𝑐𝑡𝑖𝑣𝑒 𝑜𝑤𝑛𝑒𝑟𝑠.

The 2025 Verizon Business Data Breach Investigations Report (DBIR) is here, and it delivers critical insights into the shifting cybersecurity landscape. For Enterprise and Public Sector business decision-makers, understanding these trends is crucial for protecting your organizations and the communities we serve. Here are some key findings from the report that rose to the top for me: - Exploitation of Vulnerabilities Surges: A 34% increase in vulnerability exploitation, with a focus on zero-day exploits targeting perimeter devices and VPNs, demands heightened vigilance and proactive patching strategies. - Ransomware Remains a Persistent Threat: Ransomware attacks have risen by 37%, now present in 44% of breaches. Enterprise and Public Sector entities must bolster their defenses and incident response capabilities. - Third-Party Risks Double: Breaches involving third parties have doubled, highlighting the critical importance of supply chain security and robust vendor management programs. - Espionage-Motivated Attacks Rise: We're seeing an alarming rise in espionage-motivated attacks in sectors like Manufacturing and Healthcare, as well as persistent threats in Education, Finance, and Retail. Public Sector entities are also at risk. - Credential Abuse Continues: Credential abuse remains a leading attack vector, emphasizing the need for strong authentication, multi-factor authentication, and continuous monitoring. For Enterprise and Public Sector organizations, these findings underscore the need for a multi-layered defense strategy, including: - Robust Vulnerability Management: Implement timely patching and vulnerability scanning. - Enhanced Security Awareness Training: Address the human element and reduce susceptibility to social engineering. - Strengthened Third-Party Risk Management: Thoroughly vet and monitor vendors and partners. - Advanced Threat Detection and Response: Invest in technologies and processes to detect and respond to threats quickly. The 2025 DBIR provides actionable insights to help us navigate these challenges. To dive deeper into the findings and learn how to enhance your organization's security posture, visit: https://lnkd.in/eXdHUYVM #Cybersecurity #DataBreach #EnterpriseSecurity #PublicSector #DBIR #Ransomware #ThreatIntelligence #VerizonBusiness #PublicSectorSecurity Verizon Jonathan Nikols | Daniel Lawson | Robert Le Busque | Sanjiv Gossain | Maggie Hallbach | Don Mercier | Chris Novak | Alistair Neil | Ashish Khanna | Alex Pinto | David Hylender | Suzanne Widup | Philippe Langlois | Nasrin Rezai | Iris Meijer

#Cybersecurity Strategies for #Retail - Effective cybersecurity embraces basic principles. Prioritize the threats. Maximize the impact of each investment. Keep it simple. Some suggestions to consider: 1.) Implement basic cyber hygiene 2.) Protect critical systems against ransomware and zero-day 3.) Protect devices that can't protect themselves 4.) Segment your remote network 5.) Respond to alerts promptly. 6.) Restrict employees access on a "need-to-know" basis. 7.) Simplify 1.) Implement basic cyber hygiene - Conduct regular employee training to mitigate the phishing threat, keep software up-to-date, backup data, implement multi-factor authentication #MFA, etc. 2.) Protect critical systems against #ransomware and #zeroday - While the POS is often protected with P2PE encryption, the store manager's PC is often overlooked. Install Endpoint Protection (#EPP) on the store manager's PC to check every incoming file for ransomware and zero-day threats before they can threaten the business. 3.) Protect devices that can't protect themselves - As retail becomes increasingly dependent on technology, every networked device increases the threat landscape. Please pay particular attention to those devices that can't defend themselves. Video cameras, thermostats, and IoT appliances typically don't support cybersecurity software agents. Use Network Detection and Response (#NDR) to analyze network traffic to detect and identify dangerous threats. 4.) Segment your remote network - Segmentation will provide additional protection if a data breach occurs. Use a Managed Firewall to isolate systems virtually and physically, according to their impact on the business. 5.) Respond to alerts promptly. Unfortunately, all efforts to detect an intruder are wasted without an appropriate response. Employ Managed Detection and Response (#MDR) services to act immediately when a threat is detected. 6.) Restrict employees access on a "need-to-know" basis. Providing employees with unnecessary access to critical systems undermines the business's cybersecurity posture. Implement Secure Access Service Edge (#SASE) and Zero Trust Network Access (#ZTNA) to limit employees (and the cyber threats) to only what is necessary to fulfill their responsibilities. 7.) Simplify - The more vendors and technologies involved, the more complicated the infrastructure and the operations. Where possible, consolidate. The simpler the operations, the more effective and sustainable the cyber defensive posture. Make proportionate investments in cyber as your business grows. If your business's value grows beyond your cyber defenses' capability, bad actors will become increasingly motivated to monetize the gap. #TimTang Hughes #NRFBigShow #NRF2024

For the first time in history, the #1 hacker in the US is AI …but as the threats have been evolving, so have the solutions. Over the past year, the focus for all major players has shifted to building an AI-enhanced SOC (Security Operations Center). Every company has a different approach, but the key trend has been building out data infrastructure and response capabilities on top of the data that companies already have. Here are the key components of the Agentic AI SOC. ◾ Sources of Data ◾Data Infrastructure ◾Response and Decision Layer ◾AI Agents that act on these insights While the ultimate goal is to create AI Agents, that is not necessarily where the value lies. Companies were able to whip up AI Agents shortly after the first LLMs were introduced. I think the value will be in the data, both the Source and the Data Infrastructure Layer. 1. Sources of Data. This stems from a large installed customer base. Here, leaders in Network, Endpoint, Identity, and Cloud security have a significant advantage, as they already possess large amounts of data. 2. Data Infrastructure: This is an emerging area where there is ample room for new entrants to offer innovative solutions. It is also the primary source of acquisitions for large, publicly traded companies. As Francis Odum from Software Analyst Cyber Research put it “We know that data sources are multiplying rapidly with GenAI. More tools mean> more data sent into SIEMs > which means more storage, costs, and alert noise! If we solve issues at the data sources (filter, normalize, threat intel enrichment, and importantly, fix detection rules, etc.), everything else will follow. In the next phase of cybersecurity, the winners will be those who can move from collecting data to orchestrating outcomes and build cohesive platforms. Where do the public players stand today? 🟩 Companies that are building unique platforms are winning: Zscaler, Cloudflare, CrowdStrike, Palo Alto Networks 🟥 Companies that rely on antiquated technologies are losing: Splunk, Exabeam We just published Spear 's updated Cybersecurity Primer, which delves into recent cybersecurity trends and provides a lay of the cybersecurity landscape. You can access it here: https://lnkd.in/gWdRfxnz #cybersecurity #ai #technology

The Harsh Reality of Today's Cyber Threat Landscape ✅$4.88M average global cost of a data breach ($9.3M in the US) ✅99% of ransomware attempts target your backups ✅24 days average recovery time after a cyber incident ✅75% of IT security professionals report significant impact from AI-powered threats Bill O'Connell, Chief Security Officer at Commvault shared invaluable insights on cyber readiness at Amazon Web Services (AWS) reInforce this week. Here are my 3 key takeaways: 1. The Evolution from Defense to Resilience O'Connell's key insight: "Building the wall higher just led to really good climbers." Traditional security frameworks (CIA Triad, ISO, NIST) focused heavily on prevention, but the evolved CSO/CISO perspective now emphasizes: ✅Focus more on response/recovery rather than just prevention ✅Identify what's most important and plan specifically for those assets ✅Test everything - your plans are only as good as your ability to execute them 2. What Is Minimum Viability When your business is on the line, three things become critical: ✅Identity and Access Management ✅Communication and Collaboration tools ✅Mission Critical Cloud Applications The question isn't if you'll face a cyber incident, but how quickly you can recover your most essential operations. 3. Put Your Recovery into Practice As O'Connell emphasized: Put your recovery into practice. Regular testing and realistic recovery planning are business survival strategies. For organizations ready to assess their cyber readiness, Commvault offers tools and resources to help evaluate your current state and build resilience into your infrastructure. What's your organization's approach to balancing prevention with recovery planning? How are you testing your cyber readiness? #AWSreInforce2025 #CyberSecurity #CommvaultPartner #cyberresilience #continiousbusiness To stay current with the latest trends in #Technology and #Innovation, Subscribe to 👉 #CXOSpiceNewsletter here https://lnkd.in/gy2RJ9xg or 👉 #CXOSpiceYouTube https://lnkd.in/gnMc-Vpj