TODAY’S CYBERSECURITY ENVIRONMENT isn’t for the faint of heart. Despite a growing tangle of security tools, it isn’t uncommon for SMBs to feel like they’re flying blind if they’re not focused on the appropriate security metrics.
“You cannot possibly improve what you can’t measure,” states Kyle Hanslovan, CEO of cybersecurity firm Huntress. “Large enterprises often have sophisticated measurement tools in place, but SMBs often lack the necessary systems and metrics. They are at greater risk of having an incomplete picture.”
Channel pros can help SMBs understand which security metrics are crucial to shaping a stronger security posture. “With the right information, you can adapt and adjust the focus—and the actual tools—to build a better security framework,” says Angela Hogaboom, sales director for IT services firm SugarShot.
There’s no single template that works for every organization, however. “The focus should be on what reduces risk and improves operational efficiency,” Hogaboom says. “The ultimate goal is to make security an enabler rather than a barrier.”
A Measure of Success
At the enterprise level, it’s common to identify a handful of core metrics and rely on specialized software that delivers real-time insights. For SMBs, however, sophisticated security performance tracking tools are often cost-prohibitive, can be difficult to set up, and typically require training.
Instead, channel pros should advise their SMB clients to focus on a half dozen or fewer overarching metrics, which can be tracked in a spreadsheet and still provide the guidance needed to navigate security effectively. “There’s no need to measure everything,” Hanslovan says. “You don’t want to get to the point where perfect is the enemy of good.”
One critical metric is mean time to detect (MTTD). As the name implies, it focuses on how long it takes to identify a security incident. It’s crucial, Hanslovan says, because a swift response reduces the collateral damage from an event. “The longer intruders lurk in a system undetected, the greater the damage they are likely to cause,” he says.
Another important metric is mean time to acknowledge (MTTA), which addresses the lag between detecting a security issue and acting on it. Other often-used metrics include mean time to respond (MTTR), which revolves around getting systems functioning again, and mean time to contain (MTTC), which measures how long it takes to contain all the damage.
Not all metrics should focus on specific events, however. It’s wise to track both false positives and false negatives, Hogaboom says, because when organizations become buried under meaningless alerts—or fail to detect a problem—the window for damage expands and addressing deficiencies becomes more difficult.
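As an added example (not from the article or the firms quoted in it), here is the kind of small script an SMB could run over its incident log instead of a spreadsheet: it computes the four mean-time metrics described above plus a false-positive rate and a simple proxy for false negatives. The incident fields, the alert counts and the choice to clock MTTC and MTTR from the moment of detection are assumptions made for the example.

```python
from datetime import datetime
from statistics import mean

# Constructed sample incidents (not from the article). Timestamps mark the
# lifecycle stages the article names; None means that stage hasn't happened.
# "start" is when the intrusion is estimated to have begun.
INCIDENTS = [
    {"id": "INC-1", "start": "2024-03-01 08:00", "detected": "2024-03-01 14:00",
     "acknowledged": "2024-03-01 14:30", "contained": "2024-03-01 18:00",
     "recovered": "2024-03-02 09:00", "source": "edr_alert"},
    {"id": "INC-2", "start": "2024-03-10 22:00", "detected": "2024-03-12 10:00",
     "acknowledged": "2024-03-12 13:00", "contained": "2024-03-12 20:00",
     "recovered": None, "source": "user_report"},
    {"id": "INC-3", "start": "2024-03-20 09:00", "detected": "2024-03-20 09:30",
     "acknowledged": "2024-03-20 09:45", "contained": "2024-03-20 11:30",
     "recovered": "2024-03-20 15:00", "source": "edr_alert"},
]
# Constructed alert dispositions for the same period.
ALERTS = {"true_positive": 2, "false_positive": 18, "open": 3}

# Each metric = mean(end stage - start stage) in hours. Clocking MTTC and
# MTTR from detection is an assumption; the article doesn't fix their start.
STAGES = {
    "MTTD": ("start", "detected"),
    "MTTA": ("detected", "acknowledged"),
    "MTTC": ("detected", "contained"),
    "MTTR": ("detected", "recovered"),
}

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%d %H:%M")

def mean_time_hours(incidents, start_key, end_key):
    """Mean hours between two stages; incidents that haven't reached the
    end stage are skipped so open cases don't distort the average."""
    deltas = [(_ts(i[end_key]) - _ts(i[start_key])).total_seconds() / 3600
              for i in incidents if i[start_key] and i[end_key]]
    return round(mean(deltas), 2) if deltas else None

def all_metrics(incidents=INCIDENTS):
    return {name: mean_time_hours(incidents, a, b) for name, (a, b) in STAGES.items()}

def false_positive_rate(alerts=ALERTS):
    """Share of closed alerts that were noise; open alerts are excluded."""
    closed = alerts["true_positive"] + alerts["false_positive"]
    return round(alerts["false_positive"] / closed, 3) if closed else None

def missed_by_tooling(incidents=INCIDENTS):
    """Incidents first noticed by people, not an alert: a proxy for false negatives."""
    return [i["id"] for i in incidents if i["source"] != "edr_alert"]
```

With the sample data, INC-2 shows both failure modes at once: a 36-hour detection gap and a case the tooling never flagged, which is exactly what the false-negative proxy surfaces.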
When looking at security tools and systems, many organizations also monitor system availability, service-level agreement (SLA) compliance, ticket resolution speed and effectiveness, and mean time between failures (MTBF).