Cybersecurity is a must for any organization, no matter their size or industry. However, with the ongoing pandemic disrupting daily operations and adding financial pressure on many businesses, cybersecurity strategies need to be more resilient, optimized and efficient than ever before.
Last year the cybersecurity market exceeded $124 billion. Despite that, cybercrime costs organizations around $1 trillion, demonstrating there is still a huge gap in relation to organizations protecting themselves successfully. Given the pandemic has provided an enormous opportunity for cybercriminals this year, it is likely these figures will have changed significantly again, with predictions that cybercrime could cost in the region of $6 trillion by 2021.
With this in mind, it’s key for organizations to get their priorities and budget aligned to ensure they have an outcome-driven approach to their cybersecurity needs. So, where should businesses start?
Evaluating and planning is critical to an effective cybersecurity strategy. While some organizations might simply rely on previous experience or follow existing protocols, the most effective way to assess your risk posture is by analyzing your business’s unique situation at any given time.
Each organization will face different cybersecurity risks, with some more exposed to certain types of attacks than others. For example, for an organization that is heavily reliant on e-commerce channels with most of its business in digital sales, it’s more likely to be targeted by threat actors seeking to exfiltrate data or cause operational disruption. On the other hand, organizations with a large digital footprint e.g., within the financial and governmental industries, are often targeted via phishing campaigns to breach end-user focused controls and harvest the vast volumes of data they hold.
By assessing your organization’s individual risks and looking at the most relevant threats, your business can plan its cybersecurity budget more tactically, ensuring that you’re focusing on the areas that will deliver the greatest benefit.
In relation to security considerations, there are a number of tactical areas where you shouldn’t compromise:
It is important to maintain a robust and consistent cyber assurance program that includes prioritization for the maintenance of activities such as vulnerability management and patching, maintenance of critical support contracts and capacity management.
Attributing the budget to maintaining the lifecycle of production assets is extremely important and should be considered a key priority to minimize the potential for introducing known attack vectors within the business as a usual processes.
As with regular cyber focuses, it is important to maintain regulatory and compliance activities such that the organization doesn’t fall into a position of non-compliance. Often regulatory and/or legal compliance can be tied directly into contractual obligations, therefore, providing the potential for wider operational and business impacts if not maintained. Some of these activities include regular visibility from external partners.
People are often considered to be the weakest link in a cybersecurity architecture. However, providing education and awareness on what employees should or shouldn’t be doing with company assets is a low cost to provide and is one of the smartest expenses, with the highest ROI, according to
Employees can be a powerful deterrent to data breaches. Social engineering tactics like email phishing are all preventable by good awareness, rather than expensive technical countermeasures. A phishing awareness course can cost as little as $1000 for a group of 25 employees,
Although difficult financial circumstances might create a temptation to treat your cybersecurity program as a one-off project, cybersecurity should very much be an ongoing and integral part of any business. It needs to be regularly reviewed and developed to stay relevant and up to date. Organizations need to adapt how and where the budget is proportioned based on how the business grows and how the relevant threat landscape evolves.