How to convince the board to fund threat intelligence

Be proactive rather than reactive, Ebuyer's Tarun Samtani tells Computing's Enterprise Security and Risk Management Summit

The best way to convince the board to release money for a threat intelligence programme is to demonstrate how being proactive, rather than reactive, is best for cyber security.

That's what Tarun Samtani, information security architect at Ebuyer, told the audience during his keynote address at Computing's Enterprise Security and Risk Management 2015.

Samtani was asked how the IT security team can convince the CEO or CFO to release funds for a proper threat intelligence programme.

"That's always difficult," he replied, but advised that the best way to go about it is to approach the board with solid ideas as to how investing in threat intelligence will benefit the company.

"I like to sell ideas and not talk about products. When I go into the meeting I make sure I have some ideas so they listen to me," Samtani explained, although he admitted "it's a difficult sell, of course".

Samtani argued that when it comes to security, it's always better to be proactive than reactive, not least because a proactive approach makes it much easier to make the case for the funding your cyber security needs require.

"If you have some way to make it proactive - and I know it's tough if it's a small team - but if you can be more proactive, then that's one of the ways you can try to sell [threat intelligence] to the business," he said.

He advised organisations with limited IT resources and small tech teams to manage threat intelligence in partnership with a large security vendor.

"Coming from an SME background, we haven't got a massive budget, but as a retailer group we see a lot of threats all the time," said Samtani.

"As a retailer, we need something that can protect us all the time. I think it'd be good to have a mix of things," he said. "There are ways you can do it without a big budget, but having feeds from different providers would be better as you're exposed to more information."

However, speaking earlier at the summit, Steve Soar, cyber security executive at Darktrace, warned that no organisation can be entirely sure that it knows of everything that is happening on its network.