The Covid-19 pandemic may have driven cybersecurity investments up – and bottom lines down – as businesses struggle to adapt to new operating realities and close security gaps, but savvy organizations can still cut costs while boosting security.
Many companies may have already put projects on the chopping block and pared back headcounts in an effort to stay healthy or even afloat as the coronavirus devastates economies. But cybersecurity experts say organizations can take the following less drastic steps to check and reduce their costs:
Scale technology and licensing
“The dynamic movement of staff has made organizations think more about dynamic scaling of technology,” said Nick Vigier, CxO advisor at Coalfire. “Whereas organizations used to look at ‘how many people would we need to connect in an emergency’ and licensing accordingly versus now looking at how they dynamically scale up licensing and utilization dynamically will save costs.”
Security organizations, he said, "now have an opportunity to take a step back to evaluate their controls effectiveness and visibility in a real world worst case scenario."
That includes having teams "looking at what their unified toolset looks like to remove duplicative efforts/controls. While this likely doesn’t save money now based on renewals, the more efficient design will show long term value."
Cyber insurance coverage
“As a way to prevent unexpected expenses, businesses should review their cyber liability insurance for the inclusion of all devices in use, coverage of social engineering incidents and whether changes made to their technology footprint impact their policy,” said Cowbell Cyber Vice President of Market Engagement Isabelle Dumont. “This is a good time to contact insurance agents and discuss standalone cyber policy to ensure explicit coverage.”
Resurrect BYOD but narrow app support
“Organizations, including those that use desk phones in the office, now have thousands of employees working at home. Instead of issuing thousands of new devices, organizations can support a Bring Your Own Device (BYOD) strategy by simply enabling the devices many employees already own,” said Lookout Director of Security Solutions Chris Hazelton. “Instead of managing these devices which can create privacy concerns, IT can manage the only business apps on these devices, saving money on hardware, and management costs.”
He cautioned that "as threats increase for mobile users, organizations should still provide mobile security for those devices without impacting user privacy."
Noting that “reducing cybersecurity costs during, and even in a post COVID-19 world, requires first looking to the source of the highest costs” and “specifically missing security best practices during the development process leaves vulnerabilities wide open for potential costly harm,” Jack Mannino, CEO at nVisium, said, “Using this time to improve DevSecOps skills will go a long way to achieve huge savings in potential remediation costs.”
He recommends using “this ‘downtime’ to do a little ‘security assurance housekeeping’ for existing apps which could uncover existing security flaws that may also be exploitable and expensive to remediate.”
“There are tools that can scan and fix, tools that cover multiple security cases. It is very natural for companies to have many vendors with overlap,” said Thomas Hatch, CTO and co-founder at SaltStack. “Evaluating how your vendors are being used can help you find those gaps where you can save.”
Bolstering cybersecurity during the Covid-19 pandemic most certainly requires investment, but “spend, spend, spend” doesn’t have to become a default mantra. Instead, organizations have plenty of opportunity to cut costs without compromising security.
Focus on mental health
Pointing to “mental health resources for teams to prevent and assist with burnout,” which “on security teams can increase risks and can cost” a company money, Chloe Messdaghi, vice president of strategy at Point3 Security, said, “CDC provides mental awareness and resources for everyone to use and know.”
“While setting up well-defined procedure to assess and contain threats can significantly cut down on the time expended by personnel and the MTTR, the potential for true savings on cybersecurity costs lies in automation,” said Murali Palanisamy, CSO at AppViewX. “Organizations would stand to benefit by setting up policy-backed, event-driven automation in line with their business processes in order to pre-emptively identify vulnerabilities, or execute accelerated threat resolution workflows without the need for staff to drive the entire resolution process manually.”
Palanisamy maintained, “The reduced downtime is key to minimizing business losses due to a lack of continuity. Investing in highly robust, cloud-compatible SOAR and SIEM platforms goes a long way in promoting the triaging and auto-remediation of cyber exploits, which in turn results in significant savings in the form of reduced operational costs, personnel costs, and false positives.”
Investing in security and cutting costs don’t have to be an either/or, even during a pandemic.