All of the financial pundits seem to be predicting that the United States is headed for a recession, either this quarter or starting next year. This is hard to say for sure, as most of the economic data I have seen points towards a still-strong economy: job growth seems to be good, and the overall inflation measures seem to be trending downwards. The hope of the financial markets is that the Fed will now stop hiking and let things get back to some sense of normalcy. But even despite these numbers, people are still reacting with their emotions about their IT and Cyber budgets, something that I pointed out in yesterday's blog. Many CISOs are still not sure about their budgets: while some are still increasing, the bulk of the others are still stagnant.
So the trick now is to make do with what you have in hand. In other words, the CISO has to find ways to reduce the overall Cyber Risk without cutting too much into the existing budget.

So, rather than waste time trying to find new hardware to deploy, work with what is already there. (You can still look at software solutions; the ones that I have seen so far are very reasonably priced, especially if you use a Cloud-based platform like Microsoft Azure.)
So what can a CISO do here?
Here are some key tricks:
1) Consolidate, consolidate, and consolidate:

What I mean by this is to conduct another comprehensive and detailed Risk Assessment to see where all of your digital and physical assets lie. This even includes your network security tools. From this, try to see where there is overlap and redundancy, and then consolidate as much as you can. For example, if you have 10 firewalls at your place of business, then strategically deploy them where they are needed the most, and perhaps end up using just 3. This is also good practice, as fewer devices means fewer management interfaces, rule bases and patch cycles to keep secure, which reduces your attack surface as well. One caveat: a firewall is only redundant if another device already enforces the same policy at the same place in the network. Removing the one that segments a sensitive subnet does not reduce your attack surface; it removes a control.
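The overlap check described in this item can be done from the inventory the Risk Assessment produces. The following is an added example, not code from the original post: it maps each deployed tool to the controls it provides, then reports controls covered by more than one tool (consolidation candidates), tools whose every control is provided elsewhere, and required controls that nothing provides at all (gaps that a cost-cutting exercise must not widen). The tool names, control labels and the required-control list are constructed for illustration.

```python
"""Control-coverage overlap check for a security tool inventory.

Added example (not from the original post). The inventory and the list of
required controls below are constructed; real input would come from the
asset inventory produced by the risk assessment.
"""
from collections import defaultdict

# Constructed sample inventory: hypothetical tool name -> controls it provides.
INVENTORY = {
    "fw-edge-1": {"perimeter-filtering", "ips", "vpn-termination"},
    "fw-edge-2": {"perimeter-filtering", "ips"},
    "fw-dc-core": {"east-west-segmentation", "ips"},
    "edr-agent": {"endpoint-detection", "host-isolation"},
    "legacy-av": {"endpoint-detection"},
    "cloud-waf": {"web-app-filtering", "bot-mitigation"},
}

# Constructed list of controls the risk assessment says are required.
REQUIRED_CONTROLS = {
    "perimeter-filtering", "ips", "vpn-termination", "east-west-segmentation",
    "endpoint-detection", "host-isolation", "web-app-filtering",
    "email-filtering",  # required, but no tool in the inventory provides it
}


def coverage_by_control(inventory):
    """Invert the inventory: control -> sorted list of tools providing it."""
    cov = defaultdict(set)
    for tool, controls in inventory.items():
        for control in controls:
            cov[control].add(tool)
    return {control: sorted(tools) for control, tools in cov.items()}


def redundant_controls(inventory):
    """Controls provided by two or more tools: where overlap exists."""
    return {c: t for c, t in coverage_by_control(inventory).items() if len(t) > 1}


def coverage_gaps(inventory, required):
    """Required controls that no deployed tool provides: do not cut here."""
    return sorted(required - set(coverage_by_control(inventory)))


def consolidation_candidates(inventory):
    """Tools whose every control is also provided by at least one other tool.

    Retiring such a tool loses no control coverage on paper. Whether it is
    safe in practice still depends on placement: a firewall that segments a
    network is not redundant just because another firewall has the same
    feature set somewhere else.
    """
    cov = coverage_by_control(inventory)
    return sorted(
        tool for tool, controls in inventory.items()
        if all(len(cov[control]) > 1 for control in controls)
    )


if __name__ == "__main__":
    print("overlapping controls:", redundant_controls(INVENTORY))
    print("tools fully covered elsewhere:", consolidation_candidates(INVENTORY))
    print("uncovered required controls:", coverage_gaps(INVENTORY, REQUIRED_CONTROLS))
```

On the constructed data, the edge firewall `fw-edge-2` and the `legacy-av` agent are the only tools whose controls all exist elsewhere, `ips` is provided three times over, and `email-filtering` is required but absent. The last finding is the one a budget review tends to miss: consolidation should fund the gap, not ignore it.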
2) Be dynamic and fluid:

Some time ago, as the CISO, you and your IT Security team probably tried to predict what the possible threat variants could look like down the road. While this is a good practice, you just can't stick rigidly to that particular roadmap. You have to address what is happening here and now, and still keep predicting what is going to happen in the future. Then, from there, you shift your strategies and lines of defense accordingly. By doing this, you are also less likely to have to take more out of your existing budget. But keep in mind that strategizing does not mean you need to get new tools and technologies. Try to make do with what you already have unless you absolutely have to procure new gadgets.
3) Make use of the Cloud:

This is probably the best way to save on expenses. If you migrate to something like Microsoft Azure, you can end up paying a fraction of what you are paying right now for an On Premises solution. With the Cloud, the pricing is published up front, and you pay a monthly fee only for the resources that you actually consume; the hardware, hosting and upkeep behind them are covered by the provider. And if you find that you are spending more than you want to, you can scale down in a matter of minutes. The caveat is that consumption-based pricing only saves money if someone is watching the consumption: set budgets and spending alerts on the subscription, and decommission resources you no longer need, or the bill will grow just as quietly as it shrank.
My Thoughts On This:

As a CISO, these are things that you need to pay attention to now. Apart from a possible recession, there are other headwinds you need to know about, which are as follows:

*Security spending is forecast to grow by well over 11% (SOURCE: https://www.gartner.com/en/documents/4016190)

*The average security breach now costs at least $4.45 million, and this will only escalate (SOURCE: http://cyberresources.solutions/blogs/Data_Cost.pdf)

*Ransomware attacks are on track to cost well over $900 million (SOURCE: https://www.wired.co.uk/article/ransomware-attacks-rise-2023)

*The data privacy and compliance laws are now being even more strongly enforced, with the prime example being the SEC, whose new cybersecurity disclosure rules mean that publicly traded companies now have to report to shareholders on the steps they are taking to improve their Cyber Posture. More information on that can be seen at the link here: https://www.darkreading.com/risk/hot-seat-ciso-accountability-in-new-era-of-sec-regulation

Remember too that you need to get Cyber Insurance as well. Not only is this getting more difficult to do, but it is also becoming quite expensive. If you follow the steps in this blog, you will have extra room in your budget to get that much-needed policy.