NZ Incident Response Bulletin - September 2024

The September edition of the NZ Incident Response Bulletin was published today. The bulletin is a monthly high-level executive summary containing some of the most important news articles that have been published on Forensic and Cyber Security matters during the last month. Each Bulletin also includes a section of our own content, based on a trending theme, this month's being "Cybersecurity Investment in 2024".

Landscape Overview

Global security and risk management spending is expected to hit USD 215 billion in 2024, a 14.3% increase from 2023. It is thought that various factors are driving increased security spend this year, including:

  • Cloud and Hybrid Workforce: The rise of cloud computing and hybrid work models is believed to be pushing organisations to invest heavily in cloud security, with spending in this area expected to grow by 24.7%.
  • Generative AI: While generative AI aids in threat detection, it also enables sophisticated attacks. This duality is driving investments in AI-powered security solutions.
  • Regulatory Changes: Evolving privacy regulations, particularly around data and AI usage, are increasing spending on data privacy, projected to grow by 24% in 2024.

In particular, organisations are looking to increase their spend in the following areas:

  • Application Security: Driven by the need to protect critical software.
  • Identity and Access Management: Reflecting the importance of secure access in an interconnected world.
  • Infrastructure Protection: Anticipated to rise by 17.5%, as organisations focus on securing critical digital infrastructure.
  • Security Services: Forecasted to reach USD 90 billion, representing 42% of total spending, with growth in consulting, IT outsourcing, and hardware support.

There is also a rising demand for cloud-based detection and response solutions like EDR and MDR, and for key tools such as Cloud Access Security Brokers (CASB) and Cloud Workload Protection Platforms (CWPP), due to the widespread migration to cloud infrastructure.

The expected growth in cybersecurity spending emphasises the need for organisations to fully understand how to approach cybersecurity investment. The National Cyber Security Centre (NCSC) of New Zealand, a part of the Government Communications Security Bureau (GCSB), has therefore developed a detailed guide to help organisations navigate the complexities of cyber security investment. This guide is designed for both government and non-government entities, providing a structured approach to managing cyber security investments. The document is a starting point for understanding how to align cyber security efforts with broader business strategies, ensuring that investments yield tangible improvements in cyber resilience.

As organisations increasingly expand their digital presence, the risks to their information assets and operational capabilities grow. These risks necessitate strategic investments in cyber security, which must be carefully aligned with the organisation’s overall business objectives. It is important to treat cyber security as a critical business function, with investments justified and validated through a well-defined plan. This plan should be flexible, allowing the organisation to adapt to changing threats while using metrics to link investments to organisational improvements.

The NCSC Four Phases of Cyber Security Investment

1. Know the Landscape

  • Understanding Threats and Risks: Organisations must maintain a consistent understanding of the cyber threat landscape, which should be communicated across all levels. This visibility helps in setting appropriate objectives and ensuring successful investments.
  • Aligning Investments with Threats: Investments should be evaluated in the context of the specific threats and risks the organisation faces. This involves identifying key threats, prioritising assets, and focusing on critical controls that address these threats.

2. Define the Strategy

  • Strategic Planning: Cyber security investments must be anchored in a broader strategic plan that aligns with the organisation’s business strategy and financial governance. Without a clear strategy, investments may target the wrong threats or lack the necessary governance.
  • Governance and Financial Alignment: Effective governance is crucial for ensuring that cyber security investments are aligned with organisational goals. Investments should also consider both capital (CapEx) and operational (OpEx) expenditures, ensuring a balanced approach that supports long-term resilience.

3. Deliver Results

  • Implementation: With a strategy and investment plan in place, organisations must focus on delivering results. This includes defining the scope of investments, estimating costs, and managing resources effectively. Continuous investment and commitment are essential for achieving lasting improvements in cyber resilience.
  • Choosing the Right Methodology: While Agile methodologies are effective for iterative improvements, more formal design processes may be necessary for complex, high-risk investments. The chosen approach should match the cost of failure and the complexity of the project.

4. Measure Success

  • Metrics and Reporting: Success in cyber security investment is measured through specific, measurable, assignable, realistic, and time-bound (SMART) metrics. These metrics should be linked to strategic outcomes and refined as the organisation matures.
  • Challenges and Opportunities: Implementing a cyber security strategy is complex, and organisations must navigate challenges such as over-optimistic planning, project complexity, and maintaining alignment between strategy and delivery.

Common Challenges and Pitfalls

The guide identifies several common challenges that organisations face when implementing a cyber security investment strategy, including:

  • Over-optimistic Planning: Attempting to tackle too many initiatives at once can overwhelm resources and slow progress.
  • Project Complexity: Even small organisations can have significant technical complexity, which can complicate cyber security initiatives.
  • People and Resources: Dependencies on key staff can impede progress, making it necessary to focus on fewer initiatives but deliver them well.

Investing in cyber security is a continuous process that requires strategic planning, effective governance, and ongoing measurement. By following the structured approach outlined by the NCSC, organisations can enhance their cyber resilience, aligning investments with business objectives and adapting to the evolving threat landscape. This approach transforms cyber security from a reactive problem to a proactive enabler of organisational success.

The Bulletin:

To obtain a full copy of the Bulletin, please visit https://incidentresponse.co.nz/bulletin

Rick Shera

Digital business, privacy and cybersecurity Lawyer - Partner, Lowndes Jordan, Experienced board member and chair

2 months ago

I know how hard it is to churn something out each month, Campbell. Great effort, much appreciated

Simon Hide

Digital Transformation Specialist | Linkedin Top Voice Cyber Security

2 months ago

Nice one Campbell, we appreciate your hard work!
