While we may be going into a tough economic time for businesses, it’s also very important not to let your cyber security lapse. Here, Ryan Sheldrake, Field CTO – EMEA answers five key questions on how to ensure you are not putting your business or self through any cyber security incidents if you decide to cut costs during a recession……..
What are the key areas of expenditure when it comes to a business’s cyber security outlay?
After a challenging couple of years, not least due to the global pandemic, spending on IT and more specifically on cyber security is starting to show upward, future-proofing trends. The trends are very much indicating that spending is increasing. This spans industry sectors with a range from 3.0 % in Retail to 11.4% in Financial Services of percentage revenue.
In 2019 and 2020 the primary focus was on a cloud and digital transformation. This has shifted in recent times to cyber security. The “rise of ransomware” could very well be a driver for this. An alarming prediction from a recent cyberthreat report states “global ransomware damages to exceed $30bn by 2023”.
Another big percentage jump saw credential leaks taking the headlines with global companies such as Uber allegedly falling foul of this type of attack in recent months. Boards and executives are now investing in tools, automation, and protective layers to prevent, detect and recover from such pervasive attacks. This is certainly a contributing factor to the shift and increase in cyber spending in 2021-2022.
What guiding principles should you be aware of with any attempt to cut cyber security costs?
Any organization attempting to reduce spending on cyber security at the current time should do so with caution. The number of attacks is demonstrably increasing and the types of attacks such as ransomware are even being commoditized. “Ransomware as Service” is very real. If an individual, organization, or state wishes to attack a perceived adversary or target, they can now simply buy this and not have to create or even manage/execute the attack themselves.
If cuts are absolutely necessary tools consolidation, more automation can make things more efficient whilst not negatively impacting coverage or protection. Someone once said “work smarter not harder and in cyber terms, this could mean replacing five tools with two or a platform that leverages more modern automation.
What are the steps a business should take when cutting cyber security Costs?
The first step is to take stock of what has been put in place in the past. If the business has operated for a medium to a long time, there are likely to be legacy tools and some level of duplication. These are easy targets for removal and could constitute a significant saving.
Next up would be to look at the IT strategy and make sure the cyber strategy is aligned. An example of this would be a move to the cloud or a hybrid onsite/cloud move. Consider whether some spending from, say, direct network monitoring hardware could be reallocated to a cloud security platform. That may also consolidate some other monitoring tools. This would have immediate advantages of reduction of complexity, and duplication but also means the target infrastructure and systems are secured upon delivery and into the future.
What sort of cost savings can businesses realistically make?
In the past, many security information and event management tools(SIEMs) have charged per gigabyte of ingested logs and data. This sounds reasonable until you start to ingest data from multiple sources. Start to think about containers, hybrid cloud, multi-cloud, etc. The amount of data becomes very large, very quickly. Some list prices for 10 Gb/day are around $25,000/per annum. 10Gb is not a lot of logs so even a small business may need to multiply this by five or even 10. Changing a logging level from INFO to DEBUG could increase costs by many factors!
Now consider how many of the log entries are actually of interest. Perhaps less than 10% – even as low as 2%. This of course depends on the application, infrastructure, etc. Even at 10%, that’s 90% waste! Using modern machine learning to avoid this type of waste presents an opportunity to save costs whilst maintaining or increasing coverage.
How can businesses ensure they don’t compromise overall security protection?
Gaining visibility into cloud infrastructure and workload, and across hybrid environments to understand what is actually running, is a great first step. Why expend effort and cost on things that don’t run? An example of this is containers that are built but never actually run. Why fix the vulnerabilities in them? This trick is to know what to safely ignore.
Then comes prioritization, fixing the riskiest thing for the business first. Trying to fix everything is doomed to fail as more vulnerabilities are published every week. Using tools and processes to surface where to apply critical fixes. And avoid waste means coverage can be kept at an acceptable level whilst keeping costs in check.
Ryan Sheldrake, Field CTO, EMEA at data-driven cloud security provider Lacework.
Ryan has been working within IT infrastructure for over 20 years and is a prominent DevSecOps thought leader and multi-cloud advocate. As an early adopter of AWS, Ryan now specialises in the Security and DevSecOps realms so he can talk in-depth about the various elements of data analytics in cyber security and why DevSecOps and cyber security are two sides of the same coin, but also explain the differences in their scope and the way data can be used for the benefit of both.
Lacework is the data-driven security platform for the cloud. The Lacework Cloud Security Platform, powered by Polygraph, automates cloud security at scale so our customers can innovate with speed and safety. Only Lacework can collect, analyze, and accurately correlate data across an organization’s AWS, Azure, GCP, and Kubernetes environments, and narrow it down to the handful of security events that matter.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.