As many of you know, the Silicon Valley Bank in California essentially shut down on Friday, due to its insolvency. Now the FDIC is taking over so that insured deposits can be paid out in a timely manner, which will hopefully stop the rush to the banks in panic withdrawals.
The exact reason for the bank’s demise is still being sorted out, but a lot of people are blaming the bank’s heavy investments in the tech and crypto-based sectors.
It will make the headlines for sure all of next week. So, the second largest bank failure in American history should raise a red flag to a lot of the people in the C-Suite, especially the CISO, or the vCISO, whoever is in charge. With the economic headwinds and geopolitical situations still uncertain, the CISO has to keep a close eye on their Cyber budgets and plan for the future.
Although nobody can predict the future with any degree of accuracy, here are some key events to keep in mind to make sure that your budget stays as flexible as possible:
1) The Russian invasion of the Ukraine:
While this happened over a year ago, the conflict still remains, and is getting more entrenched. At the beginning of the war, there was a lot of fear that there would be major Ransomware attacks here in the United States, especially against our Critical Infrastructure. Luckily nothing has happened yet, but as the war drags on, anything is possible. So this is a huge variable that has to be factored into your budget.
2) Uncertainty of the United States markets:
There is no doubt that inflation is on the mind of every American today. Heck, even I went grocery shopping today, and could not believe how much the costs of basic food items have risen. Not only that, but the fear of inflation has greatly spooked the financial markets, and this was best exemplified just last week. With these roller coaster ups and downs, companies are fearful to spend or deploy any cash into budgets, and that even includes hiring people. Again, this is evident in the layoffs the tech sector has been seeing since the beginning of this year. While layoffs are never any good for anybody, it is still important to keep in mind that when compared to the 2008 recession, the number of people losing jobs is not nearly as high. Also, the job numbers still look very strong here in the US, based upon last Friday’s report. But in the end, nobody knows what the Fed will do in terms of raising rates, so this is something that you will have to keep a close eye on as well.
3) The Data Privacy landscape:
When the COVID-19 pandemic was at its climax, data privacy regulators backed off from conducting audits and imposing any kind of financial penalties. But now that the pandemic is more or less behind us, this is going to ramp up again to even greater degrees, as companies make even greater strides to move to the Cloud. So, money will have to be spent in making sure that all of your controls are in place and are totally optimized. To many CISOs this might seem like a sheer waste of time and money, but some money spent now will help you avoid that audit and paying 10x more in financial penalties.
4) Security training:
This is a component of your Cyber budget that you cannot let go. Employees will need to be trained on a regular basis, and of course this is going to cost some money. As a CISO, be on the lookout for developing more effective means of training. You can always outsource this particular function to a reputable Cyber vendor that specializes in this. This can help you save some money in the end.
5) Investments in new security technology:
This is an area which, as a CISO, you need to have second thoughts about. For example, I have written a lot in the past that it is always better to do with less than with more. There are two reasons for this: a) With more technologies in place, it will only expand the attack surface for the Cyberattacker, and b) Having more tools will simply mean that your IT Security team will have more log files to filter through, which further leads to a phenomenon known as “Alert Fatigue”. My thinking here is that if you can conduct a Risk Assessment, and from there take stock of what you have, you can possibly rearrange things so that you create a more efficient and effective means of beefing up your lines of defense. The bottom line is this: You are far better off with deploying three firewalls than ten firewalls, as long as they are strategically placed.
My Thoughts On This:
In my view, the uncertainty of inflation and the geopolitical situations will remain with us for a long time to come. Therefore, it is important for you, the CISO, to plan properly and accordingly. But remember that you do not have to be alone in this process. If possible, try to get an advisory board to work with you and to provide a second opinion. One of the primary benefits of this is that if you need an infusion into your Cyber budget, you will have a group of well-seasoned executives to back you up not only in front of your CEO, but the Board of Directors as well.