Well, there is no doubt that we could be heading for a
recession; when it will happen, nobody really knows yet. But it is true that American folks are feeling
the costs of higher prices, whether it comes to their credit cards, mortgages,
or even the price at the pump (here in Chicago, it is notoriously high).
Now there is another huge storm brewing in the economic headwinds
here, and that is the fear that the US could default on its own debt unless a
deal is reached in Congress.
Everybody is hopeful about this, as nobody, not even the politicians,
wants this to happen. But in downturns
like this, all businesses feel the impact.
And it is true for Cyber as well.
For most SMBs, it has really never been a top priority, and it falls
even further to the bottom of the rung now.
Although Cyber should still be a priority for every individual
and every organization, this common way of thinking still persists: “Why should I invest in a security program if
I have never been yet?”
Many Cyber vendors are also feeling the pinch of the
slowdown, and because of that, many of them are now offering price points that
are attractive to SMB owners. Their hope
is that as they potentially lose bigger clients, they can make up the revenue
gap with the SMB market.
Although VC spending still continues to go into Cyber
startups, the momentum which it had is also slowing down.
So, this all feeds a vicious cycle: With no new innovations coming out, and nobody
really spending any more money on Cyber, the hackers now have the upper
hand. But there is a way around
this. Although it may sound corny and even
ridiculous, the answer lies in possibly hiring an Ethical Hacker to help you
shore up your defenses.
What is an Ethical Hacker, you may be asking? Well, this is an individual (or perhaps even
a company) who was once on the dark side of Cyber but has now turned for the good. Their main objective now is not to harm
people, but to help them. These kinds of
individuals are great to hire when it comes to Penetration Testing and Threat
Hunting.
The ultimate goal when conducting these exercises is to take
the mindset of an actual, real-life Cyberattacker, and try to take down the walls of
defense of a business that needs to have these kinds of services.
So, rather than trying to train people to do this, why not
hire an Ethical Hacker to do this? After
all, they have done this before, so for lack of a better term, they literally
know all of the ins and outs of how to hack, because they have done it before.
Also, Ethical Hackers can be used for Bug Bounty
programs. This is where a tech company
(such as Oracle or Google) comes out with a new product or service, but they
want to make sure that all of the bugs have been worked out.
So to do this, they typically announce a program that lets
people, especially the Ethical Hackers, try to break those systems.
In turn, they also have to come up with a viable solution,
and prepare a rather exhaustive report as to what they found, and how they
would remediate the weaknesses or the gaps that they have found. They then submit this report, and if the tech
company that announced the Bug Bounty program likes what they see in this
report, the Ethical Hacker is then awarded a very nice cash prize, somewhere
in the 5 digits. This could also be a new
revenue stream for a Cyber startup.
Also, given the current threat landscape, hiring an Ethical
Hacker or even a team of them makes sense.
Consider these stats:
* In 2022, the total number of Cyberattacks increased by a staggering 87%;
* The total number of Cyberattacks against government institutions went up by an alarming 95%;
* The average cost of just one Cyberattack reached a jaw-dropping $4.35 million.
The sources for these stats came from here:
https://blog.checkpoint.com/2023/01/05/38-increase-in-2022-global-cyberattacks/
Also, by taking on an Ethical Hacker, you, the SMB owner, are
helping to ease the ever-widening Cyber worker shortage. Remember, you do not have to hire one of these
guys on a full-time basis unless you feel inclined to do so. You can always
hire them as needed on a contract basis, which will save you quite a bit of
money.
My Thoughts On This:
In today’s times, the overall IT Security team is just
burned out from trying to keep up with what they have. A great alternative to automation is to hire
an Ethical Hacker. Why train someone to
think like a Cyberattacker? Just hire somebody
who has already been one!!! Yes, I know, there could possibly be a lot of fear
for an SMB owner to take on a person like this.
In other words, hiring Ethical Hackers can be a great staff
augmentation solution as well.
But keep in mind that you bear the same kinds of risks when
you hire any other kind of employee. Finally,
as it has been so nicely put in this quote:
“Economic turbulence means less investment in
cybersecurity and a surge in cybercrime. Put simply, it's a recipe
for disaster.”
So to use the old proverb:
“Why not fight fire with fire?”