Juniper Networks (NYSE: JNPR), the trade chief in community innovation, in partnership with the RAND Corporation, a nonprofit establishment that helps enhance coverage and decision-making by way of analysis and evaluation, unveiled new insights into the financial challenges, trade-offs and calls for going through corporations as they defend themselves towards more and more advanced safety threats.
The in-depth report by main financial and cybersecurity specialists at RAND discovered chief data safety officers (CISOs) usually face a chaotic and complicated panorama when deciding essentially the most environment friendly and cost-effective method to handle the dangers posed by safety to their enterprise. Most troubling, the analysis signifies that many corporations are spending rising quantities on cybersecurity instruments, however will not be assured that these investments are making their infrastructure safe.
Juniper Networks believes this dynamic is due to an absence of strong calculus that considers each the price of safety instruments and assets, and the potential value of a breach, which by definition is neither sure nor predictable. CISOs want a method to higher perceive the variables that the majority affect the price of managing cybersecurity danger holistically and the totally different selections they’ll make to defend their organizations. To deal with this want, RAND developed a heuristic financial mannequin that for the primary time maps the key elements and selections that affect the price of cyber-risk to organizations, which is mentioned in “The Defender’s Dilemma: Charting a Course Toward Cybersecurity,” the second report of a two-part collection.
With RAND’s mannequin projecting the price to companies in managing cybersecurity danger set to enhance 38 p.c over the following 10 years, Juniper believes that the time is now for organizations to begin managing safety spending and danger administration as a discrete enterprise operate. Just as there are established fashions that assist organizations perceive and obtain their strategic advertising or gross sales targets and goals, safety groups want a method to assist higher perceive the economics of managing safety danger, the vary of variables implicated, and what investments needs to be made to extra effectively defend infrastructures.
News Highlights:
Juniper Networks believes there are 5 main elements confirmed by RAND’s mannequin that corporations ought to strongly contemplate as they evolve their safety postures:
– Many Security Tools Have a Half-Life and Lose Value: Attackers are continuously creating countermeasures to new detection programs reminiscent of sandboxing or anti-virus applied sciences. This dynamic in the end drives up the quantity corporations should spend on safety applied sciences to keep the identical degree of safety. RAND’s mannequin initiatives that over 10 years the effectiveness of these applied sciences that face countermeasures falls by 65 p.c. Companies should rigorously consider the brand new instruments they spend money on, selecting these not susceptible to countermeasures, and give attention to bettering safety administration, automation and coverage enforcement throughout the company community.
– The Internet of Things (IoT) is at a Crossroads: According to RAND, IoT will have an effect on general safety prices; nonetheless, it is unclear if it is going to be optimistic or unfavourable. If safety applied sciences and administration are correctly utilized to IoT, corporations might truly see financial savings in the long term. On the opposite hand, if corporations battle to apply safety controls successfully, RAND’s mannequin means that the introduction of IoT would enhance the losses that corporations expertise due to cyber-attacks by 30 p.c over the course of 10 years.
– Investing within the Workforce Leads to Fewer Costs Over Time: Companies can profit tremendously in making people-centric safety investments, reminiscent of applied sciences that assist automate safety administration and processes, superior safety coaching for workers, and hiring further safety employees. According to the RAND mannequin, organizations with very excessive ranges of safety diligence are in a position to curb the prices of managing safety danger by 19 p.c within the first 12 months and 28 p.c by the tenth 12 months when put next to organizations with very low diligence.
– There is No One-Size-Fits-All: Companies are doubtless not taking the optimum financial technique with their investments, which ought to differ tremendously from firm to firm based mostly on their dimension, sort of data that exists and the diligence of safety employees. Specifically, RAND discovered small to medium-sized companies profit most from primary instruments and insurance policies, whereas massive organizations and high-value targets require investments in a full vary of insurance policies and instruments given the probability that they are going to be focused by a complicated assault.
– Eliminating Software Vulnerabilities Leads to Major Cost Reductions: RAND’s mannequin discovered that one of essentially the most vital safety points that will increase the price to companies is the quantity of vulnerabilities within the software program and purposes getting used. RAND’s mannequin discovered that if the frequency of software program vulnerabilities may very well be diminished by half, the general value of cybersecurity to corporations would lower by 25 p.c.
To convey the mannequin to life, Juniper Networks is releasing an interactive interpretation of RAND’s financial mannequin. This new software supplies companies with normal steering on the place the mannequin suggests they need to make investments their time and assets throughout the key areas that they’ll management so as to cut back the potential prices.
“The Defender’s Dilemma: Charting a Course Toward Cybersecurity,” is authored by RAND Corporation safety specialists Martin Libicki, Lillian Ablon and Timothy Webb and is predicated on in-depth interviews carried out between October 2013 and August 2014 with CISOs on the present and rising menace panorama. This analysis builds on the primary report of the two-part Juniper-sponsored collection from RAND, “Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar,” which examined the financial drivers for attackers and the subtle underground black market they’ve created to scale their efforts.
Supporting Quotes:
“The security industry has struggled to understand the dynamics that influence the true cost of security risks to business. Through Juniper Networks’ work with the RAND Corporation, we hope to bring new perspectives and insights to this continuous challenge. What’s clear is that in order for organizations to turn the table on attackers, they need to orient their thinking and investments toward managing risks in addition to threats.”
– Sherry Ryan, chief data safety officer, Juniper Networks
Additional Resources:
– RAND Corporation Report: The Defender’s Dilemma: Charting a Course Toward Cybersecurity
– Juniper Networks Point of View: The Economics of Defense: Modeling Security Investments Against Risk in an Era of Escalating Cyber Threats
– Juniper Networks RAND Insights Page: http://www.juniper.net/us/en/insights/rand2015
– Juniper’s Interactive Interpretation of RAND’s Economic Model: Understanding the Economics of Cyber Defense
– Blog & Graphic: Why CISOs Should Care About the RAND Corporation’s New Cybersecurity Research by Sherry Ryan
– Blog: From Anecdotes to Patterns: The Emergence of a Cyber Defense Cost and Risk Model by Rebecca Lawson
– Blog: Talk with Customers in regards to the Cost of Security by Matt Hurley
– Juniper Networks Security: http://www.juniper.net/us/en/products-services/security/
– Juniper.web Community: www.juniper.web/neighborhood
– Juniper on Twitter: https://twitter.com/Junipernetworks
– Juniper on Facebook: http://www.facebook.com/JuniperNetworks
About Juniper Networks
Juniper Networks (NYSE: JNPR) delivers innovation throughout routing, switching and safety. Juniper Networks’ improvements in software program, silicon and programs rework the expertise and economics of networking. Additional data might be discovered at Juniper Networks (www.juniper.web) or join with Juniper on Twitter and Facebook.
Juniper Networks and Junos are registered emblems of Juniper Networks, Inc. within the United States and different nations. The Juniper Networks and Junos logos are emblems of Juniper Networks, Inc. All different emblems, service marks, registered emblems, or registered service marks are the property of their respective house owners.
,