Amid Cutbacks in Cybersecurity Spending, Budgets Will Shift to IAM and Cloud: Expert Insights

essidsolutions

The next wave of cybercrime is going to be even bigger. The distributed IT reality has created several challenges for security teams as data moved outside the corporate boundaries into multiple endpoints, public and hybrid cloud environments and unauthorized devices.

Over the past three months, SecOps teams worldwide have been locked in "patch fast, encrypt all data, and know your environment" mode. But despite stringent measures, cyberattacks against the financial sector increased by 238% between February and April amid the COVID-19 surge, a Carbon Black report indicates.

Now, as companies begin to re-open their doors, CISOs are challenged to re-architect for the new business environment that also needs to factor in an increasingly mobile workforce. Forcepoint’s Angelica Torres-Corral argues that in the new world order, a purely ‘reactive, threat-focused approach will simply not work anymore.’ Well, long-term, the security status quo needs to change.

Business leaders commandeering security and digital transformation efforts face another roadblock — constrained security budgets. As organizations stare at a long and painful recovery from COVID-19, the IT buying landscape will have to adopt a “do more with less” discipline.

“Budgets may be stretched even tighter and will result in engineering a new approach that will help security teams do more with less. The highly complex, highly expensive approach of the past will be just that — of the past,” Jeff Hussey, Tempered Networks CEO and founder of F5 Networks, observed.

As boosting security credentials becomes the key business KPI for CISOs, we catch up with cybersecurity veterans for their take on security budget predictions and guidance on building post-COVID security roadmaps.

Check out the top 5 insights from leading cybersecurity experts, who lend actionable advice on how to maintain a strong security posture on lean budgets. Learn which security technologies (experts predict an uptake of IAM and CASB) will drive the maximum impact on short-term operations.

Vinay Sridhara, CTO at Balbix

a. Security budgets to get sliced, trim spending on underused software

Unfortunately, COVID-19 has taken a toll on the economy, and information security professionals will be asked to make cuts. It’s critical that leaders focus on how they will continue to maximize risk reduction despite fewer resources.

With a lean IT budget, leaders should consolidate the various point products deployed and eliminate any spending that no longer meets needs. The starting point for this is a complete, accurate, and up-to-date IT asset inventory, including categorization and business criticality calculations for all assets.

Since the average company wastes about 37% of their IT budget on unused or underused software, identifying such assets can instantly eliminate significant spend.

b. Adopt a risk-based approach to prioritize workflow

Starting with an accurate inventory, the likelihood and estimated cost of a breach can be calculated for all assets and attack vectors, empowering Infosec teams to maximize resources and focus on the highest risk vulnerabilities.

By gaining visibility into what is driving the most risk, CISOs can effectively prioritize efforts and empower their team with useful data that increases workflow productivity. This risk-based approach ensures maximum possible risk reduction despite a smaller team size and/or budget.

Jonathan Reiber, Senior Director for Cybersecurity Strategy and Policy, AttackIQ

Cost-cutting measures present new constraints, look to continuous testing to stay efficient

The coronavirus has made the CISO’s life even more difficult as it both expanded the size of the enterprise attack surface and created significant business and economic disruption of which adversaries can take advantage. CISOs likely face new budget constraints.

This makes it essential for CISOs to optimize their security programs: they need to operate more efficiently with fewer resources while increasing their security effectiveness against adversaries.

For this reason, CISOs need to continuously test that their security controls work properly – across the kill chain, in production, safely, and at scale. Continuous testing arms CISOs with actionable information to make sound decisions about their security, compliance, and risk management investments, even on a tight budget.

Anurag Kahol, CTO and co-founder, Bitglass

a. Even before the crisis hit, security budgets were compromised

Prior to the pandemic, organizations were already working off constrained budgets as security expenditures and other operating costs were most likely forecasted for the entire fiscal year. However, the pandemic quickly forced organizations to adapt to remote work and the necessary supporting solutions, therefore requiring most organizations to reconsider their initial annual security budgets.

Unfortunately, organizations have been struggling to adapt to remote work amid the COVID-19 pandemic. In fact, 41% haven’t taken any steps to expand secure access for their remote workforce, even though 84% of organizations report they will continue to support remote work even once stay-at-home orders are lifted, per Bitglass’ 2020 Remote Work Report.

b. ITDMs should prioritize cloud security to protect boundaryless workforce

Organizations should feel empowered to continue to support remote work, both during stay-at-home orders and once the pandemic starts to subside, so long as they do so securely and maintain control of their data. As such, it is imperative that security budgets prioritize cloud security solutions like single sign-on (SSO), data loss prevention (DLP), zero-trust network access (ZTNA) and cloud access security brokers (CASBs) to help secure remote workforces by protecting data in any app, any device, and any location.

Ben Goodman, CISSP & SVP, Global Business and Corporate Development, ForgeRock

Security spends reduce, but ITDMs will dial up IAM initiatives

Organizations are bypassing typical precautions in a desperate effort to keep up with the growing demands to support remote work and life. We are seeing IAM emerge as a top priority due to its direct business impact. Done well, IAM can be a force multiplier for positive business outcomes; done poorly, it can be an innovation inhibitor.

Even as some organizations cut IT spending, IAM remains a must-have priority, with most IAM initiatives moving forward with even greater urgency. “Getting identity right” means making it easy for your consumers and workforce to connect to you digitally – which translates into making it easy to log in, reset passwords, receive personalized digital content and maintain security and privacy.

Chris DeRamus, VP of Technology, Cloud Security Practice, DivvyCloud by Rapid7

With people becoming the new perimeter in security, IAM to be the top priority

Organizations have been spending more on cloud infrastructure to support their remote workforce. As a result, organizations will need to “tighten the operational belt” from a budget perspective and ensure that the proper security and e-governance controls, virtual desktop infrastructure (VDIs), and other key instances are implemented.

Additionally, organizations will need to focus on identity and access management in their cloud infrastructure. This will ensure employees are able to securely access the tools and resources they need to do their jobs while thwarting fraudulent unauthorized attempts from bad actors.
