How CSPs measure the success of security protocols

People in a meeting

This article was originally published to the Nokia blog by Gerald Reddig on October 17, 2019.

My first 5G security article covered the four elements that form the basis for building digital trust in the 5G era. I then wrote about the importance of security strategies as part of the overall 5G planning – well before deployment and not just as an afterthought. 

In this article, I will explore why 5G cybersecurity posture is the new business KPI for telco executives and board members, and why it is imperative for cybersecurity teams to adapt in workflow and tools, especially in Security Operations Centers (SOCs).

Do telco security professionals really know what their consumers want?

Not according to a recent KPMG report, which showed they have widely different priorities in some areas. Whilst security executives think it is highly important to apologize for any security breach, consumers are much more interested in getting proof that it won’t happen again.

An oft-quoted catchphrase says that the customer is always right, so pleasing them is – or should be – a major business objective. That is why it is crucial for the 5G telco industry to integrate security teams and their KPIs into the overall business strategy and objectives from the outset. That way, they can build both digital products and services that meet the functional and security expectations of enterprises and their consumers.

a graph comparing the priorities of a consumer versus the priorities of a security executive
Do security professionals really know what consumers want? Source: Consumer Loss Barometer: The economics of trust (KPMG, 2019)

As a result of this, cybersecurity teams in CIO or CISO organizations must expand their roles, moving from protecting their company’s operations and infrastructure to boosting the security levels offered in their 5G services and applications. It is important for security leadership to understand the needs of customers, and instead of being a “back-office function”, they must become a vital contributor in delivering extraordinary customer experiences.

Defining the metrics

For a successful 5G business, a defined cybersecurity posture and its metrics must accurately report its data to all relevant stakeholders, especially to the board. Board members and C-level executives want to see security metrics that clearly show the likely effects on their business goals, as well as any costs incurred. The Ponemon Institute even puts a number on this. A breach with a lifecycle longer than two hundred days costs an organization 37 percent more than one with a lifecycle shorter than two hundred days ($4.56 million vs. $3.34 million, respectively).

Forty-four percent of the Ponemon study respondents say their organizations’ security posture significantly improved over the past 12 months and specific metrics are used to understand the reasons for this. The graph below shows that 55 percent of respondents say improvements are tracked by the number of cyberattacks prevented. This is followed by time to identify the incident and time to contain the incident (51 percent and 48 percent of respondents, respectively).

 a graph measuring the security posture of a company
How does your organization measure security posture? Source: 2019 Cost of a Data Breach report (IBM, Ponemon Institute)

The value of security operations can be best documented in metrics such as Mean Time To Identification (MTTI), and Mean Time To Contain (MTTC) a cybersecurity intrusion or incident. The graph below shows that, since last year, the MTTI and MTTC of a data breach have increased. In 2019, the MTTI was 206 days and the MTTC was 73 days for a combined 279 days, an increase of 4.9 percent from last year when the MTTI and MTTC were 197 and 69 days (combined 266 days), respectively.

a chart measuring the days of a company's security breach identification to containment
Days of breach identification and containment. Source: 2019 Cost of a Data Breach Report (IBM, Ponemon Institute)

Significantly reducing MTTI and MTTC starts with an understanding of the characteristics of attacks, such as impact, signature and behavior. From there, many groups need to work together, enabled by technology that can deal with multiple events, then use log and alarm data to automate and orchestrate incident response processes. If a CIO security department has the tools to capture this information, compiling reports of successfully repelled attacks is a good way to prove value.

Security orchestration and automation tools can help security teams improve KPIs like MTTI and MTTC. These tools can also use analytics and automation to aid the investigation of threats and advise on an appropriate response. Enriched insights from threat intelligence feeds and AI-based tools enable organizations to identify, contain, remediate and eradicate threats faster than adversaries can compromise the enterprise’s data.

Using telco-centric orchestration and automation technology allows security operations teams to use their processes and procedures in automated ways that significantly reduce the MTTI & MTTC within their organizations.

In other words, implementing an adaptive platform that integrates tools, correlates data and orchestrates mitigation actions can help CIO/CISO organizations significantly improve their overall security posture.

Read the first two articles in this series:

In 5G we trust: why flexible security is a 5G business essential
Think 5G security right now

About Futurithmic

It is our mission to explore the implications of emerging technologies, seeking answers to next-level questions about how they will affect society, business, politics and the environment of tomorrow.

We aim to inform and inspire through thoughtful research, responsible reporting, and clear, unbiased writing, and to create a platform for a diverse group of innovators to bring multiple perspectives.

Futurithmic is building the media that connects the conversation.

You might also enjoy
lisa park blooming
Lisa Park on inner states and the heart of human communication