Governance & Risk Management , Insider Threat , Patch Management

Rethinking Cybersecurity Investment Amid Rising Threats

Voss of DAT Freight & Analytics on Budget Allocation for Holistic Cyber Defense
Erika Voss, vice president, information security, DAT Freight & Analytics, and CyberEdBoard member

Despite the rapid evolution of cybersecurity tools and strategies, attackers continue to exploit vulnerabilities with alarming success, raising critical questions about the effectiveness of investment in digital defense. Enterprises must assess their budget allocation based on "business model, company appetite and executive leadership priorities," according to Erika Voss, vice president of information security at DAT Freight & Analytics.

See Also: How Enterprise Browsers Enhance Security and Efficiency

Voss identified a common pitfall in cybersecurity investment decisions and the tendency of enterprises to acquire new technology over maintaining fundamental cyber hygiene. Organizations overemphasize spending on detection and response tools while underemphasizing investments in penetration testing, she said.

"As you buy more tools and capabilities and want to have the latest and greatest technology stack, you have to realize you also need 'hands on keyboards' still. That also introduces a human risk," Voss said. "The more tools you have, the bigger your risk appetite."

In this video interview with Information Security Media Group at the Cybersecurity Implications of AI Summit, Voss also discussed:

  • Insider threats and the challenges in getting executive buy-in to address them;
  • The impact of SEC guidelines on corporate governance and security policies for publicly traded companies and their suppliers;
  • Why cybersecurity should be integrated into the business planning process.

Voss is an information security, risk and compliance executive who partners with CEOs, executives and the broader security and academic communities to help grow their personal and professional brands on why security is more than just a data point. She is a member of the CyberEdBoard.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.