A Critical Look at Cyber Security Investment

A Critical Look at Cyber Security Investment [2023]

The growth of cyber attacks has been fueled by the rise of big data, cloud computing and remote work. As more data is accessed from more places than ever before, the complexity of securing digital systems has increased exponentially. The result: strong and growing demand for cyber security investment.

Cyber defense is a global whack-a-mole game with hundreds of billions of dollars being invested in offensive and defensive capabilities.  After you invest in one area, another area of risk tends to pop up. What is the top defensive technology area to invest in right now? Is there a better cyber security investment?

Cyber Defense is multifaceted

Cyber defense requires a multifaceted approach. Fragmentation is a natural consequence of the back-and-forth between cyber attackers and defenders: If we have an effective defence against a particular type of attack, adversaries will try another area, angle, or approach.

Over time this means we need many technologies to secure our organization. Like it or not, cyber defence is a global whack-a-mole game. It is an arms race, with governments and corporations investing hundreds of billions of dollars continuously in building out offensive and defensive capabilities.

We all know that we need a multifaceted approach. This involves people, processes and tools. We need to make sure that everyone in the organization is motivated and has the skills and resources to fight cybercrime. Beyond understanding why and how technology is critically important as cyberspace is tech-heavy.

What area do we need to invest in?

Unless you feel at ease with your cyber protection, the question is: What is the key technology area to invest in right now? This question is very difficult for most cyber professionals as most organizations underfund and under-resource their cyber operations.

We posed this question to cyber professionals by posting a poll on LinkedIn. To eliminate bias, we conducted the poll twice (the second poll), reaching out to two distinct networks of cyber professionals. Feel free to repost the poll and let us know what your results are.

The poll asked what areas to focus on MFA, perimeter security, known vulnerabilities or education. The results, which were consistent between the two polls, were: known vulnerabilities at 49%, MFA at 29%, and perimeter and education, each approximately at 10%.

Best cyber security investment: Known vulnerabilities routinely exploited

Reason why your cybersecurity budget increase

Reason Why Your Cybersecurity Budget Increase


The results of the poll make a lot of sense. Of course, all these areas are important and really need more investment. However, the NSA and CISA continue to warn that cyber adversaries routinely exploit known vulnerabilities.

If we look at major breaches, we see plenty of evidence supporting these warnings. Sophisticated attackers use a combination of hacking techniques, as we have seen with SolarWinds. Exploiting known application vulnerabilities is a big part of their arsenal and allows adversaries to move laterally and subsequently elevate privileges.

In reality, we find that very few organizations are able to execute fully on a vulnerability strategy.

Why can we not eliminate known vulnerabilities?

Why are we not able to routinely eliminate our known application vulnerabilities? The answer is that it is a daunting task given the level of software that most organisations are operating in combination with the level of technical debt that most of these applications suffer from.

Some cyber experts call for continuous upgrading of all components. That would eliminate these problems. However, continuous upgrading is difficult for organisations that have a lot of applications. For instance, a typical North American bank has 600 software applications. Large banks tend to have many more. A lot of these applications are older and do not have active development. Therefore, routinely upgrading may not be practical.

How much you can save with MergeBase?

MergeBase’SCA tool offers a range of benefits that can help organizations reduce costs in their software development and deployment processes. To help you better visualize the potential savings, we have developed a powerful calculator exclusively for you.

In less than one minute, you can estimate the amount you could save by integrating MergeBase into your software development workflows. Don’t miss out on this opportunity to optimize your investments!

Oscar van der Meer

About the Author

Oscar van der Meer

Inspiring leadership and innovative technology expertise in Digital, Payments, Finance and Artificial Intelligence.