While we may be going into a tough economic time for businesses, it’s also very important not to let your cyber security lapse. Here, Ryan Sheldrake, Field CTO – EMEA answers five key questions on how to ensure you are not putting your business or self through any cyber security incidents if you decide to cut costs during a recession……..
What are the key areas of expenditure when it comes to a business’s cyber security outlay?
After a challenging couple of years, not least due to the global pandemic, spending on IT and more specifically on cyber security is starting to show upward, future-proofing trends. The trends are very much indicating that spending is increasing. This spans industry sectors with a range from 3.0 % in Retail to 11.4% in Financial services of percentage revenue.
In 2019 and 2020 the primary focus was on cloud and digital transformation. This has shifted in recent times to be cyber security. The “rise of ransomware” could very well be a driver for this. An alarming prediction from a recent cyberthreat report states “global ransomware damages to exceed $30bn by 2023”.
Another big percentage jump saw credential leaks taking the headlines with global companies such as Uber allegedly falling foul of this type of attack in recent months. Boards and executives are now investing in tools, automation and protective layers to prevent, detect and recover from such pervasive attacks. This is certainly a contributing factor to the shift and increase in cyber spending in 2021-2022.
What guiding principles should you be aware of with any attempt to cut cyber security costs?
Any organisation attempting to reduce spending in cyber security at the current time should do so with caution. The number of attacks is demonstrably increasing and the types of attacks such as ransomware are even being commoditised. “Ransomware as Service” is very real. If an individual, organisation or state wishes to attack a perceived adversary or target, they can now simply buy this and not have to create or even manage/execute the attack themselves.
If cuts are absolutely necessary tools consolidation, more automation can make things more efficient whilst not negatively impacting coverage or protection. Someone once said “work smarter not harder’ and in cyber terms this could mean replacing five tools with two or a platform that leverages more modern automation.
What are the steps a business should take when cutting cyber security spending?
The first step is to take stock of what has been put in place in the past. If the business has operated for a medium to long time, there are likely to be legacy tools and some level of duplication. These are easy targets for removal and could constitute a significant saving.
Next up would be to look at the IT strategy and make sure the cyber strategy is aligned. An example of this would be a move to the cloud or a hybrid onsite/cloud move. Consider whether some spend from, say, direct network monitoring hardware could be re-allocated to a cloud security platform that may also consolidate some other monitoring tools. This would have immediate advantages of reduction of complexity, duplication but also means the target infrastructure and systems are secured upon delivery and into the future.
What sort of cost savings can businesses realistically make?
In the past many security information and event management tools(SIEMs) have charged per gigabyte of ingested logs and data. This sounds reasonable until you start to ingest data from multiple sources. Start to think about containers, hybrid cloud, multi-cloud etc etc. The amount of data becomes very large, very quickly. Some list prices for 10 Gb/day are around $25,000/per annum. 10Gb is not a lot of logs so even a small business may need to multiply this by five or even 10. Changing a logging level from INFO to DEBUG could increase costs by many factors!
Now consider how many of the log entries are actually of interest. Perhaps less than 10% – even as low as 2%. This is of course depending on the application, infrastructure etc. Even at 10% that’s 90% waste! Using modern machine learning to avoid this type of waste presents an opportunity to save costs whilst maintaining or increasing coverage.
How can businesses ensure they don’t compromise overall security protection?
Gaining visibility into cloud infrastructure and workload, and across hybrid environments to understand what is actually running, is a great first step. Why expend effort and cost on things that don’t run. An example of this is containers that are built but never actually run. Why fix the vulnerabilities in them? This trick is to know what to safely ignore.
Then comes prioritisation, fixing the riskiest thing to the business first. Trying to fix everything is doomed to fail as more vulnerabilities are published every week. Using tools and processes to surface where to apply critical fixes and avoiding waste means coverage can be kept at an acceptable level whilst keeping costs in check.