I think we are all familiar with the obvious costs of poor security: millions of dollars lost recovering from breaches, brand damage, and so on. This is pretty much the conventional wisdom nowadays. Luckily, my job includes speaking and interacting with customers who are using, or are considering trying, Bromium to help them counter all the nasty threats that seem to get past their defenses no matter what they try or how hard they work. This seems to be a timely topic, as there have been a few good surveys, including one by Ponemon, about security operations costs.
What I find striking when speaking with these folks and reading the reports is the amount of time, effort and money security teams put into securing their organizations, often fruitlessly. Nothing is more frustrating than busting your rear end to solve a problem you have spent your entire career studying and having, at best, moderate success. Security pros rarely get credit for the attacks they somehow manage to stop, but they certainly get the blame for the attacks that get through.
While the one-time costs of dealing with a breach are certainly big, I think the long-term costs of the unproductive efforts and activities security and IT operations teams routinely go through to try to stem the tide may be just as large over time, and may be increasing at a higher rate.
The trend over the last several years has been towards “continuous monitoring” to detect when bad guys have broken through the defenses and “remediation” to recover from the attack. I thought it would be an interesting exercise to try to measure the true cost of these efforts in each organization. With that in mind, we developed a calculator to help people compute the complete costs of their security efforts. Take a look if you have a chance, and when you think of the costs of security, don’t forget about the unsung heroes on the front lines day in and day out and what they do to help keep us all secure.