Maintaining cybersecurity during a recession
Article written by Evan Davidson, Vice President of Asia Pacific Japan at SentinelOne
According to most economic forecasters, a recession seems inevitable in 2023. The World Bank has cut its growth outlook from 3% to 1.7%, and companies have either started laying off employees or warned that layoffs are coming. It’s an unfortunate reality that could have a significant impact on a company’s approach to cybersecurity.
During the recession of 2007-2009, companies cut back on their cybersecurity activities. They stopped scheduled network layer technology refreshes, investing in new cybersecurity technology, and hiring cybersecurity staff to protect their digital assets.
With the increased sophistication of cyberthreats set against a growing attack surface for companies to protect, the probability of a breach is increasing. Taking a cost-saving approach in response to today’s economic and geopolitical outlook seems counter-intuitive and self-defeating. The temporary savings could easily be offset by increased costs in business recovery and fines, while the loss of brand reputation can cost millions of dollars. Furthermore, employees can easily evolve into insider threats, and reduced surveillance systems make it more likely that attacks would get through. Stolen data, encrypted files, and ransomware are on the horizon for any company that fails to safeguard its perimeter, which could then bring on increased government fines for things like GDPR inadequacies.
Today, more than ever, security teams need to improve their security posture and response capability. However, as we enter this period of significant economic turbulence, budgets and availability of resources will need to be justified with more depth to meet the economic pressures.
Pitch the ROI
Most businesspeople don’t view cybersecurity through an ROI lens. They consider it a necessary expense or cost of doing business. However, due to an increasing awareness among security professionals, they now understand that presenting an ROI to their board of directors is required to convince them of the need for more budget and resources to help them achieve their and the company’s goals.
Calculating ROI for cybersecurity has become simpler over time with the availability of tools and data. Still, it does require slightly more nuance where local and industry-specific information should be used for higher impact and relevance. A preferred way to begin is by monitoring attempted hacks on your company’s perimeter through your logs. IBM reported that the average breach cost a company over US$4.24 million. While this number needs to be adjusted to your location and industry, it gives a starting point for demonstrating the ROI from endpoint protection.
Determining the cost of a breach on lost business is another way organizations demonstrate cybersecurity ROI. You need to determine the number of days your company would lose business and the amount that would cost. You’d also have to add in the cost to recover data loss and factor in customer churn, as many customers will look for businesses that appear to be safer.
Finally, you should remind your board of directors about the government fines that could be levied against you in the event of a data breach. Calculate all your potential costs that stem from attacks, subtract the cost of running your cybersecurity program, and present that data to the board to demonstrate the value your cybersecurity program adds to the company.
Cybersecurity programs are most successful when they combine automation with human intelligence. Automated tools scan endpoint devices, correlate data from across the network, generate protection ahead of an attack, and detect threats that have already entered the network.
Increasing your level of automation during periods of economic uncertainty is an excellent strategy for protecting corporate assets. While they can’t replace humans, automated tools are far better than people at scanning millions of lines of code and detecting anomalies, turning raw data into knowledge. Once detected, human cybersecurity professionals can analyze results and take necessary steps to end the threat and prevent future breaches.
Add threat-hunting activities
Layoffs may come to legitimate businesses, but threat actors still work hard to breach networks, deploy ransomware, and steal your data. Taking a proactive approach during these periods is a reasonable use of resources to defend your company’s assets. When done effectively, threat hunting discovers hidden advanced persistent threats (APTs), attempts at cybercrime, poor security practices, and environmental vulnerabilities.
Threat hunting enables organizations to find breaches that have slipped past the security shield and are dormant until activated. This activity enables organizations to stay ahead of the latest threats and stop breaches from turning into full-blown attacks. While threat hunting can be done manually, it is far more effective and significantly quicker to supplement efforts with automated tools.
Strengthen your cybersecurity posture during economic uncertainty
It’s unfortunate, but cybercriminals take advantage of any weaknesses they discover. Many businesses will undoubtedly cut back on their cybersecurity program as they ride out the predicted recession, opening the door to cyberattacks.
By continuing to invest in and prioritize cybersecurity, your business will be able to emerge stronger when the economy improves.
The views in this article are that of the author and may not reflect the views of this publication.