There is no ROI when buying next-generation AI threat simulation, and yet leaving the key under the doormat.
IT security budgets are up this year reaching 16% of overall IT expenditure (2020 State of the CIO). The industry is expanding and new hyped technologies are filling up the shelves. Data is showing mixed results on the effectiveness of the available cyber-security tools.
In brick and mortar, security comes before the shop is open. The list is long: fire extinguisher, fire sprinkler, emergency exits, monitoring system, alarm system. In the IT world, we still view security as something that can be developed in-house or patched. For now, it looks like we just can stretch backyard hose instead of fire sprinkler, paint a green path for the emergency exit, buy used CCTV camera and have a “well trusted” eBay supplier to record all and then we buy the video content as a monthly subscription. After getting the key from the previous tenant we can just leave it under the doormat.
Getting cybersecurity right is hard. Although there is a little return on investment in security, usable security is an underlying infrastructure. Many organizations fail at implementing security. It’s expensive and no one wants to bother with tools that have poor usability, slow down the business process and are not mandatory. Usable security that works can go much farther. Building with security in mind is fundamental.