As cyber threats evolve, businesses face growing pressure to protect their digital assets without breaking the bank. With four decades of experience spanning telecommunications to specialized cybersecurity roles at major corporations such as Michelin, GSK, and Haleon, Maman Ibrahim brings practical insights to the challenge of efficiently securing organizations. His approach focuses on smart prioritization rather than simply acquiring more security tools.
Identifying Today’s Biggest Cyber Threats
According to Maman, three main cyber risks dominate the current landscape. “First is AI. While it’s an opportunity for businesses, it also carries significant risks,” he explains. Technology’s rapid advancement creates both possibilities and vulnerabilities that organizations must navigate carefully. “The second highest risk is third-party and supply chain,” Maman continues. “No company can operate alone whether in a niche market or with global presence.” He points to the July 2024 CrowdStrike incident that crippled millions of systems worldwide as a prime example of how third-party vulnerabilities can create widespread disruption.
The final primary concern is the evolving regulatory environment. “Regulators are not confident in the ability of organizations using technology to secure people’s data,” Maman notes. As global technology adoption increases, so does the complexity of compliance requirements across different jurisdictions.
Moving Beyond the “Throw Money at It” Approach
Historically, cybersecurity has been mischaracterized as primarily a technology problem. “Cybersecurity is considered the highest risk by any organization today, but it’s seen as a tech issue, not a business issue,” Maman observes. This misperception leads to ineffective strategies where “every time a tech leader is requested to mitigate risks, they throw money at it.”
Maman’s experience with a mid-sized company of approximately 2,000 employees demonstrates a more balanced approach. The organization was experiencing numerous security incidents despite having invested in many security tools. “Every time there was a problem, they would call a consultant who would recommend a tool. They acquired the tool and saw it wasn’t a solution,” he explains.
Six Elements for Cost-Effective Risk Reduction
Through his work, Maman identified six key strategies that dramatically improved security while reducing costs:
- Asset Inventory and Classification: “I began by identifying what truly matters to the company,” Maman says. His team classified assets into three categories: crown jewels, high-impact operational assets, and other assets. This created clear priorities, with crown jewels receiving the most protection.
- Tool Rationalization: By mapping features across their security tools, they discovered significant overlap. “We reduced the number of tools by more than half because many of them overlapped in various areas. Sometimes, you can remove half of the tools without any problem. No one will notice it,” he reveals.
- People Training: “You need to train people so they understand their responsibilities and how they contribute to the organization’s security,” Maman emphasizes. This includes being aware of threats, such as phishing attempts.
- Strategic Outsourcing: Not every security function needs to be handled internally. “You cannot operate a security operation center 24/7 with your resources,” he notes. They identified tasks that were more cost-effective to outsource and tailored the service levels to their actual needs.
- Measurement Systems: “Key risk indicators and key performance indicators create accountability,” Maman explains. Accountability only exists when you have measures to demonstrate your current status, progress, and effectiveness in mitigating risks.
- Leadership Accountability: The final piece involves shifting perception at the top. “Cybersecurity is not a tech risk; it’s a business risk,” Maman insists. This elevated the level of accountability among leadership, connecting security to broader business concerns, such as reputation management.
The results speak for themselves. “We demonstrated we could achieve more than half of the cost reduction with around 60% of risk reduction effectively,” Maman concludes. By focusing on what truly matters rather than accumulating tools, organizations can achieve both better security and better value.