Juniper Networks (NYSE: JNPR), the industry leader in network innovation, in partnership with the RAND Corporation, a nonprofit institution that helps improve policy and decision-making through research and analysis, unveiled new insights into the economic challenges, trade-offs and demands facing companies as they protect themselves against increasingly complex security threats.
The in-depth report by leading economic and cybersecurity experts at RAND found chief information security officers (CISOs) often face a chaotic and confusing landscape when deciding the most efficient and cost-effective way to manage the risks posed by security to their business. Most troubling, the research indicates that many companies are spending increasing amounts on cybersecurity tools, but are not confident that these investments are making their infrastructure secure.
Juniper Networks believes this dynamic is due to a lack of solid calculus that considers both the cost of security tools and resources, and the potential cost of a breach, which by definition is neither certain nor predictable. CISOs need a way to better understand the variables that most influence the cost of managing cybersecurity risk holistically and the different decisions they can make to protect their organizations. To address this need, RAND developed a heuristic economic model that for the first time maps the major factors and decisions that influence the cost of cyber-risk to organizations, which is discussed in “The Defender’s Dilemma: Charting a Course Toward Cybersecurity,” the second report of a two-part series.
With RAND’s model projecting that the cost to businesses of managing cybersecurity risk will increase 38 percent over the next 10 years, Juniper believes that the time is now for organizations to start managing security spending and risk management as a discrete business function. Just as there are established models that help organizations understand and achieve their strategic marketing or sales goals and objectives, security teams need a way to better understand the economics of managing security risk, the range of variables implicated, and what investments should be made to more efficiently protect infrastructures.
News Highlights:
Juniper Networks believes there are five major factors confirmed by RAND’s model that companies should strongly consider as they evolve their security postures:
To bring the model to life, Juniper Networks is releasing an interactive interpretation of RAND’s economic model. This new tool provides businesses with general guidance on where the model suggests they should invest their time and resources across the major areas that they can control in order to reduce the potential costs.
“The Defender’s Dilemma: Charting a Course Toward Cybersecurity” is authored by RAND Corporation security experts Martin Libicki, Lillian Ablon and Timothy Webb and is based on in-depth interviews conducted between October 2013 and August 2014 with CISOs on the current and emerging threat landscape. This research builds on the first report of the two-part Juniper-sponsored series from RAND, “Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar,” which examined the economic drivers for attackers and the sophisticated underground black market they’ve created to scale their efforts.
Supporting Quotes:
“The security industry has struggled to understand the dynamics that influence the true cost of security risks to business. Through Juniper Networks’ work with the RAND Corporation, we hope to bring new perspectives and insights to this continuous challenge. What’s clear is that in order for organizations to turn the table on attackers, they need to orient their thinking and investments toward managing risks in addition to threats.”
- Sherry Ryan, chief information security officer, Juniper Networks