5 Ways to Invest Your Remaining Infosec Budget

As reported in the annual Verizon Data Breach Investigations Report, credential theft is the most common cause of a data breach over the past few years. This is because passwords are easily stolen or guessed. MFA helps reduce the risk of that threat by providing you with a code, most often cryptographically sent to a specialized app on a mobile device, that is impossible to guess and hard to steal.

Avoid solutions that send this code via SMS to your phone or via email, as neither SMS nor email are secure methods of sending sensitive authentication data. A more secure approach uses client certificates to authenticate the devices on your network. This cryptographically superior technique is more secure against phishing than other MFA technologies, and phishing is the most common way to steal credentials. Most MFA solutions will run between $30 and $50 per user per year.

Threat intelligence feeds add external context to internal events and provide visibility into both discussions about your company and corporate data for sale on the dark web. They provide indicators of compromise that can be matched against the traffic you’re seeing on your networks, servers, and infrastructure. Good providers will structure this to the MITRE ATT&CK framework to allow you to hone your defenses. Threat intelligence can speed up detection of a sophisticated attack and help you identify how best to respond to the attack.

Many threat intelligence feeds specialize in providing specific, targeted information from the dark web, such as a listing of credentials that have been compromised, so it makes sense to leverage different feeds from organizations that provide different intelligence. These can cost from as little as $1,500 a year for a specialized feed to $10,000 per year for a more data-rich feed.

A penetration test is an attack simulation against your defenses. This allows you to test how well you’d survive a determined and skilled attack and how quickly your monitoring can detect and alert you on attacks targeted at your organization. The most important thing about a penetration test is that if the testers gain access to sensitive information, they will let you know how it happened so that your team can shore up your defenses.

A third-party vulnerability scan can show you how your organization looks to those who wish to attack it. While it lacks the attempt to penetrate your defenses, a vulnerability scan can readily identify those issues used by attackers at a fraction of the cost with the benefit of being able to repeat the scans as needed.

While penetration tests often cost about $15,000 for a two-week engagement, vulnerability management may be $20,000 to $40,000 for a year’s worth of results.

Tabletop exercises provide expert training for your staff on how to handle the worst of incidents. They will use experience from incidents that other organizations have faced to educate your entire organization on how to detect, respond to, communicate internally, and communicate externally regarding a variety of incident scenarios. Good scenarios to explore are ransomware response, a data breach, or even the simulation of a disaster. Some organizations will use gaming concepts, such as a zombie attack, to help you develop a pandemic response plan.

Make certain to involve not only your information security team but also your IT staff, human resources department, legal team, and marketing team, as all of these groups would be involved in a real incident. These exercises can cost between $15,000 and $30,000 if you engage a good organization.

24/7 MDR uses the expertise of a company that specializes in searching for and identifying malicious traffic to establish monitoring of your entire infrastructure, servers, and applications for attacks. With the high cost and sparsity of expert security analysts, this gives you a team that can quickly detect an attack or malware in your environment and escalate to your staff for a swift and knowledgeable response. A good partner can even spot gaps in your defenses through their observation and analysis of the traffic on your company’s networks. They’ll use both machine learning and user behavior analytics to identify the unusual or the obscure.

Many MDR providers charge based on the volume of data they analyze; others charge a fixed fee. While the fees may be $200,000 or more per year, the cost is typically far less than what it would take to procure the equipment and tech platforms and maintain the staff to support this level of service yourself.