Cyber security industry must break the negative ROI cycle

By Admire Moyo, ITWeb's news editor.
Johannesburg, 07 Jun 2023

Cyber risk is increasing at a faster rate than investment in cyber security. However, the problem does not lie with the buyers – it is the cyber security industry as a whole that has a negative return on investment issue.

So said Jason Oehley, regional sales director at Arctic Wolf, speaking yesterday during the first day of the ITWeb Security Summit in Johannesburg.

“We know IT and security leaders are trying to do the right thing. They are investing money, time and energy into trying to protect themselves. We have over 3 000 security companies, mostly tool vendors, to choose from. And with nearly $170 billion being spent at 11% year-over-year growth, the problem doesn’t seem to be on the buyer side of things.

“As an industry, we are getting a negative return on investment. Something must change. Security operations is how we break the cycle.”

In security operations (SecOps), the security and operations teams within an organisation collaborate closely, with the objective of better managing cyber security threats and incidents.

Oehley noted that cyber security tools and technology are important and necessary but alone are not enough.

“Technology must be purpose-built to combine with extraordinary talent. It’s this combination of the two working together that proves the means to actually mitigate risk by reducing likelihood and impact. In today’s threat landscape, having broad visibility is crucially important.”

Cloud’s vulnerability

The majority of data breaches that hit organisations happen in the cloud.

Oehley referred to IBM’s most recent cost of a breach report, which found that 45% of breaches occurred in the cloud, and gave examples of such cyberattacks.

Medibank’s and Uber’s primary breaches began with threat actors obtaining compromised credentials, likely from the dark web or an initial access broker, and then moving through the software associated with the account credentials and into the network from there.

He added that Uber’s secondary breach was via a third-party vendor who gained access to an Amazon Web Services backup server that contained the records of UberX employees.

“This means external risks and identity-centric entry vectors are a significant threat for organisations.”