Is Your Security Team Using Data-Driven Decision Making?

Data-driven decision-making (DDDM) is everywhere. Singapore’s DBS bank uses data to provide customers with hyper-personalized insights and recommendations, enabling customers to make smarter financial decisions. Netflix’s entire recommendation engine and creative programming teams follow data to deliver an outstanding user experience. Even Coca-Cola, the 130-year-old beverage company, uses data to eliminate waste from its marketing budget.

Google uses data to create a better workplace; Uber uses it for predictive analytics to minimize the supply crunch. Data is just about everywhere.

When you think about the ubiquity of data, it’s genuinely odd that few companies have tried using it to guide their cybersecurity decisions. Since every computer interaction can be captured and logged, data-driven decision-making is ideal for enhancing cybersecurity.

To be sure, data is used to protect banks from cyber fraud or keep connected IoT devices safe. However, those use cases typically involve AI engines processing millions of data points while looking for anomalous activities that might indicate nefarious activity. They don’t involve using data to secure an enterprise’s core assets or perimeter.

What is Data-Driven Decision Making?

Data-driven decision making is the use of data and analytics rather than one’s gut or feeling to make decisions. For example, when data indicates a customer preference that runs counter to a manager’s gut feeling, a DDDM approach would be to follow the customer preference rather than try to force the manager’s personal preference along.

From a cybersecurity perspective, data-driven approaches would enable proactive security and give the CISO a clearer, deeper understanding of the threats and vulnerabilities they face and how significant an impact these might have on business operations. They would also drive cost savings, as organizations would have a more precise sense of where they need to invest resources. As a result, they would also increase network resiliency.

Fighting Multiple Threats with a Data-Driven Approach

Whether you are concerned about emerging threats or have assets that constantly require protection, using a data-driven approach can help you allocate resources and ensure that your most valued assets are secure.

Begin by assessing initial exploitation methods. Create a list of all exploit techniques that threaten your network and cloud assets. The list below isn’t exhaustive, but it includes many of the exploit paths that nation-state-grade threat actors deploy when attempting to access a network.

  • Social engineering
  • Misconfigurations
  • Unpatched software
  • Malicious instructions
  • Brute force
  • Network traffic malformation

Once your list is complete, rank the techniques in order of the likelihood that they will be the entryway for an attack. This ranking can be based on industry data or data you’ve collected indicating different attack approaches that have already taken place, as well as the type of threat you are most likely to face. It will be different for every company. An oil and gas company concerned about Russian ransomware will have a different type of list than an aerospace company concerned that China wants to steal its intellectual property.

This list provides a map of your highest-ranking threats and shows precisely where you need to allocate resources.

The next step, as you might imagine, is to apply mitigations to your highest-ranking threats. If you’re an aerospace company concerned that China will steal your IP, your mitigations need to center around IP. In contrast, a company concerned about financial exploits coming from Iran or North Korea needs to develop appropriate steps to secure its financial accounts.

This process is ongoing. Cyber teams must constantly monitor the data, update the list of potential exploits, and position mitigations that make sense for the threat they are facing at this time.
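The ranking and mitigation steps above can be sketched in a few lines. This is an added example, not HolistiCyber's method or tooling: the incident counts, industry shares, mitigation names, costs, effectiveness values and the `prior_weight` blending parameter are all constructed assumptions.

```python
from collections import Counter

# The six initial exploitation methods listed in the article.
TECHNIQUES = ["Social engineering", "Misconfigurations", "Unpatched software",
              "Malicious instructions", "Brute force", "Network traffic malformation"]

# Constructed sample data: one entry per past incident, tagged by entry technique.
OBSERVED = (["Social engineering"] * 6 + ["Misconfigurations"] * 4 +
            ["Unpatched software"] * 3 + ["Brute force"] * 2)
# Constructed industry shares (sum to 1.0); substitute figures for your own sector.
INDUSTRY = {"Social engineering": 0.30, "Misconfigurations": 0.20,
            "Unpatched software": 0.25, "Malicious instructions": 0.05,
            "Brute force": 0.15, "Network traffic malformation": 0.05}
# Constructed mitigations: (name, technique addressed, cost in budget units, effectiveness 0..1).
MITIGATIONS = [
    ("Phishing-resistant MFA", "Social engineering", 40, 0.6),
    ("Config baseline scanning", "Misconfigurations", 25, 0.5),
    ("Patch SLA automation", "Unpatched software", 50, 0.7),
    ("Account lockout policy", "Brute force", 5, 0.8),
    ("Deep packet inspection", "Network traffic malformation", 60, 0.5),
]

def rank_techniques(observed, industry, prior_weight=10):
    """Blend own incident counts with industry shares; return (technique, likelihood), high to low."""
    counts = Counter(observed)
    total = len(observed) + prior_weight  # industry data counts as `prior_weight` virtual incidents
    scores = {t: (counts[t] + prior_weight * industry[t]) / total for t in TECHNIQUES}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

def plan_mitigations(ranking, mitigations, budget):
    """Greedy heuristic (not optimal): fund by likelihood reduced per unit cost while budget lasts."""
    likelihood = dict(ranking)
    def value(m):
        return likelihood[m[1]] * m[3] / m[2]
    chosen, remaining = [], budget
    for m in sorted(mitigations, key=value, reverse=True):
        if m[2] <= remaining:
            chosen.append(m[0])
            remaining -= m[2]
    return chosen, remaining

if __name__ == "__main__":
    ranking = rank_techniques(OBSERVED, INDUSTRY)
    for technique, p in ranking:
        print(f"{p:.2f}  {technique}")
    print(plan_mitigations(ranking, MITIGATIONS, budget=100))
```

With this sample data, brute force ranks only fourth by likelihood, yet its mitigation is funded first because it is cheap relative to the risk it removes; re-running the ranking as new incidents are logged keeps the plan current.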

Capturing the Right Data

The data you’ve collected in logs or stored in a data repository, whether through active scanning, agents, passive monitoring, cloud connections, or other methods, contains indications of what outside attackers are focusing on.

Due to the sheer volume of data, it is best to have an AI tool process all of it. It will assess your current defense plan, continuously validate it, and help your security team continually work on top priorities while considering budget and personnel constraints unique to each organization.

From there, the CISO can use the data to quickly and easily prioritize the actions, risks, or vulnerabilities that need to be focused on first. Sometimes the results can be counter-intuitive, but when focusing on the areas that could potentially cause the most damage while adhering to budget and personnel requirements, the organization’s security posture will increase, and the security budget will be maximized and optimized.

HolistiCyber can Help

Managing and processing all that data can be overwhelming to cybersecurity teams. No human can do all of it. HolistiCyber helps CISOs to prioritize risks and projects using a data-centered approach.

We help CISOs avoid costly mistakes, like spending millions on unnecessary technology tools and launching ineffective security projects. CISOs are guided toward optimal, data-driven decision-making.

As a result, CISOs have a shorter, more impactful to-do list and can get more done with a far more optimized budget.

See how HolistiCyber can optimize your defensive shield by harnessing the power of data. Contact Us Today!

