Redefining security KPIs for 5G service providers

Telco security professionals are missing the mark when understanding their consumers’ priorities, according to KPMG’s recent report. In the wake of a security breach, consumers seek proof that the incident isn’t repeatable, while security executives prioritize apologies.

The 5G telco industry isn’t exempt from the “the customer is always right” mentality, so pleasing a consumer is – or at least should be – a major business goal. This disconnect between consumer expectations and security teams’ actions exemplifies why it is crucial for teams to integrate overall business objectives into their key performance indicators (KPIs) from the start. Once actions align with expectations, security teams can build digital products and services that satisfy both the enterprise and its consumers.

Do security professionals really know what consumers want? Source: KPMG’s 2019 Consumer Loss Barometer.

To reach this equilibrium, cybersecurity teams must focus not only on protecting their company’s infrastructure and operations, but also by boosting the security offerings in their 5G services and applications. It is vital for security leaders to understand the needs of their customers and become vital contributors in delivering extraordinary customer experiences, instead of just a “back-office function.”

Outlining the metrics

In any successful 5G business, a cybersecurity approach should be defined and its metrics should accurately inform all relevant stakeholders. C-level executives and board members are seeking security metrics that clearly show the costs incurred and the projected effects on their business goals. According to the 2019 Cost of Data Breach Study, a breach that lasts longer than two hundred days costs an organization $4.56 million, 37% more than the cost of a breach that lasts less than two hundred days ($3.34 million).

The study also indicates that 44% of survey respondents reported that their organization’s security approaches improved significantly over the past 12 months. Image 2 lists the specific metrics companies used to measure this improvement, which mainly include the number of attacks prevented, the time taken to identify an incident and the time taken to contain an incident. These metrics are used by 55%, 51% and 48% of companies, respectively.

How does your organization measure security posture? Source: IBM Security and the Ponemon Institute’s 2019 Cost of Data Breach Study.

As such, security operations are best measured by metrics such as the Mean Time To Identification (MTTI) and Mean Time To Contain (MTTC) cyber security intrusions or incidents. Incidentally, Image 3 shows that these values have increased by 4.9% since last year, with a combined MTTI and MTTC rising from 266 to 279 days.

Days of breach identification and containment. Source: IBM Security and the Ponemon Institute’s 2019 Cost of Data Breach Study.

Taking action to reduce MTTI and MTTC starts with understanding the characteristics of attacks, including signature, behavior and impact. From there, groups can work together and leverage technology to deal with multiple events, then log and alarm data to orchestrate and automate incident response processes. If a security team has the tools to capture data on successfully repelled attacks, reports can be compiled to prove value.

Security automation and orchestration tools can help improve KPIs, like MTTI and MTTC, by leveraging analytics that help investigate threats and navigate appropriate responses. Enriched insights from AI-based tools and threat intelligence feeds allow organizations to identify, contain, remediate and eradicate threats before adversaries can compromise the enterprise’s data.

Leveraging telco-centric automation and orchestration technology allows security operations teams to automate procedures and processes in ways that significantly reduce MTTI and MTTC within their organizations.

In short, using an adaptive platform with integrated tools, correlated data and orchestrated mitigation actions helps CIOs/CISOs significantly improve their overarching security approach.