7 ways to reduce cybersecurity spend without compromising security
Aug 15, 2023
Chief Information Security Officers are increasingly being tasked with improving cybersecurity while cutting costs.
Pete Nicoletti
Field Chief Information Security Officer, Check Point Software Technologies
This article is part of:
Centre for Cybersecurity
Ransomware attacks have increased by 20% in just one year, according to research by Check Point.
But even as cyber risks rise, Chief Information Security Officers are under pressure to cut costs.
Here's how they can balance these two pressures by using their tools as effectively as possible while prioritizing innovation.
Cyber risks are growing worldwide, and cyber criminals are now using AI to aid their activities. Ransomware attacks alone have increased 20% year-over-year, according to Check Point, alongside an increase in the rate and sophistication of these attacks. Today, 86% of business leaders believe that global geopolitical instability is moderately or very likely to lead to a catastrophic cyber event in the next two years.
At the same time, Chief Information Security Officers (CISOs) face mounting pressure to reduce cybersecurity spending in the face of changing economic headwinds.
The good news is that while fiscal prudence can be challenging and may seemingly present unrealistic expectations, cybersecurity professionals can absolutely achieve more with less.
Cybersecurity: Seven ways to do more with less
Here are seven ways CISOs can reduce cybersecurity spending without compromising security:
1. Optimize existing solutions
Organizations are often licensed for a cyber capability but have not turned it on. Other organizations need to upgrade their versions to ensure they have all current features available. Many partners and vendors offer consultation and educational resources to help security professionals fully understand and utilize the capabilities inherent in existing cybersecurity tools. There may be instances where expanded use of one tool could allow CISOs to replace and eliminate another tool, simplifying operations and lowering costs.
2. Review in-source and out-sourced cybersecurity efforts
Some organizations leverage third-party groups for specific cyber security work, but, despite the obstacles, it may prove less expensive to bring those specialities in-house. Or conversely, your enterprise may have a handful of tasks that would be more cost-effective for an MSP (Managed Service Provider) or MSSP (Managed Security Service Provider) to take care of. Organizations should consider running differential cost analyses to review in-source and out-sourced cybersecurity efforts.
It is also imperative that organizations build and maintain a strong cybersecurity culture via employee awareness and continuous training. As per the World Economic Forum's 2023 Cybersecurity Outlook, "an organization's cyber capabilities grow with its employees' understanding of cyber risks and their role and responsibility in helping to manage them." Ensuring employees are aware of the latest attacks and how to prevent them is essential.
3. Consolidate cybersecurity tools
Consolidating cybersecurity solutions increases security effectiveness and staff morale, shortens playbooks, reduces training and certification efforts and reduces spending. It can also drive revenue. A study by Dimensional Research and Check Point found that 49% of all organizations use between 6 and 40 point security products, while 98% of organizations manage their security products with multiple consoles, creating visibility blind spots.
4. Test and augment resiliency measures
Despite maintaining strong cyber security teams, global enterprises continue to experience highly disruptive cyber incidents. Continued investments in backup capabilities and other cyber disaster recovery measures can save on spending in the event of a breach. Security teams should have an up-to-date Incident Response plan and test it quarterly. They should ensure that all Critical and High vulnerabilities are patched or have an adequate compensating control.
Should companies need to secure additional budget for this, they can justify the cost by highlighting the potential downsides in revenue, reputational impact, business outage costs, and risks of under-investing in this part of a cyber security plan. Many companies use the FAIR approach to justify security spending.
5. Automate and tune tools
Some tools may already have automation capabilities, so CISOs should identify wasted human efforts and time and automate those first. For example, if an organization sees high amounts of false positives that are wasting time or being ignored, this could be a sign that something needs to change. According to IBM’s Cost of a Data Breach Report, organizations that leverage fully deployed AI and automation save $3.05 million per data breach compared to organizations that fail to use these tools. In other words, enterprises that pursue AI and automation can save as much as 65.2% on breach expenses.
6. Never trust, always verify
Zero Trust is a security model based on the principle of “never trust, always verify.” Leveraging the Zero Trust framework from NIST reduces the risk of cyber breaches, as it prevents cyber attackers from exploiting excessive permissions and lack of network segmentation. In some cases, implementing a Zero Trust security strategy has delivered a 92% return on investment with a payback period of less than half a year. Zero Trust can lower the probability of a data breach by as much as 50%. Critically, Zero Trust is a journey and an approach, not a single product.
7. Think prevention-first
Many security tools “detect” rather than “prevent” issues. Detection comes too late: at the speed of the attack, the result is exfiltration and/or encryption blackmail that negatively impacts the business. Preventing a disaster is far more cost-effective than responding to a disaster. The average cost of a data breach is $4.35 million, and enterprises in the healthcare and finance space often incur much higher costs than average. Quantification of prevention-first ROI must be based on how much loss organizations could avoid with a prevention-first approach. When crunching the numbers, a prevention-first-oriented security programme wins the day.
Innovation and opportunity in cybersecurity
Organizations can prepare for and still succeed despite slashed cybersecurity budgets. Cybersecurity is all about innovation and staying a step ahead of cybercriminals. To that effect, budgetary limitations represent an opportunity to approach security in innovative, new ways to achieve more substantial outcomes.
Strong cybersecurity and resiliency are attainable. By implementing the steps above, along with building a strong culture of security in the workplace with employees, ensuring good cyber hygiene and processes and consolidating and optimizing technology solutions, it is possible to do more with less.