04:40 PM
Joan Goodchild

How to Wring Every Last Drop Out of Your Security Budget

In the face of tighter budgets and lowered spending forecasts due to the pandemic, optimizing and improving the efficiency of security programs -- without sacrificing integrity -- has never been more important.

Recommendation #5: Make Adjustments to Teams
Security staffing continues to be a challenge. Of more than 2,000 cybersecurity professionals surveyed by ISACA for the "State of Cybersecurity 2020" report, 57% said they have unfilled positions, and 62% said their security teams are understaffed.

Budget constraints certainly won't make this situation better, so it is a good time for CISOs to readjust teams to reflect skills that are essential now. As network infrastructure takes on a more hybrid state with the move to cloud, SkyBox Security's Cohen said it is critical to flesh out teams to include members who understand how these environments intersect.

"As companies move deeper into initiatives such as digital transformation, they need to also ensure they're transforming their security teams, bringing on new members with diverse skill sets or ensuring current teams continue their education for this new technological wave," he says.

And because it is often so hard to bring in new talent, it's worth evaluating existing team members and offering them opportunities to train and learn the skills needed now.

"Look to upskill team members from reactive, hardware, and operations-based positions to forward-looking proactive software and analytics positions focused on big data analytics, data science, and proactive investigation of potential new threats," advises Michael O'Malley, VP of strategy at Radware.

Recommendation #6: Automate Wherever Possible
Events that are common, repeatable, and do not typically require human interaction are targets for automation, says IronNet Cybersecurity's Swearingen, who advises security managers to look for other manual tasks where technology can take over.  

"Events that should rarely happen are a high target for automation," he says. "For example, alert the security team if a domain administrator user is added."

Recent research from the SANS Institute found adoption of automation technologies increased 12% year-on-year, but Hausman says some security teams are still very far behind and can benefit from investments in this area.

"There's a shocking amount of manual work in security, and it isn't the exhilarating, 'Sherlock Holmes' investigative work," Hausman says. "Look for people still using spreadsheets, for starters. Most companies target the volume drivers for their security team: phishing, malware, vulnerability management, and access management. They automate enrichment, scoring, assignment, and remediation handoffs."
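The rare-event alert Swearingen describes (a user added to a domain administrator group) can be sketched as follows. This is an added example, not code from the article or from any vendor quoted in it; the JSON-lines field layout, sample SIDs, and account names are constructed assumptions, while the event IDs and well-known group RIDs are the standard Windows ones.

```python
import json

# Member added to a security-enabled group: 4728 global, 4732 local, 4756 universal.
MEMBER_ADDED = {4728, 4732, 4756}
# Match by well-known SID/RID, not by name, so a renamed group still alerts.
DOMAIN_RIDS = {"512": "Domain Admins", "519": "Enterprise Admins"}
BUILTIN_ADMINISTRATORS = "S-1-5-32-544"

def privileged_group(sid):
    if sid == BUILTIN_ADMINISTRATORS:
        return "Administrators"
    if sid.startswith("S-1-5-21-"):
        return DOMAIN_RIDS.get(sid.rsplit("-", 1)[1])
    return None

def find_alerts(lines):
    """Scan JSON-lines events; return (alerts, number of unparseable lines)."""
    alerts, skipped = [], 0
    for line in lines:
        try:
            ev = json.loads(line)
            event_id = int(ev["EventID"])
        except (ValueError, KeyError, TypeError):
            skipped += 1  # count parse failures rather than hide them
            continue
        group = privileged_group(str(ev.get("TargetSid", "")))
        if event_id in MEMBER_ADDED and group:
            alerts.append({"time": ev.get("TimeCreated"), "group": group,
                           "member": ev.get("MemberName"),
                           "actor": ev.get("SubjectUserName")})
    return alerts, skipped

# Constructed sample input; the flattened field layout is an assumption.
DOM = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_EVENTS = [
    json.dumps({"EventID": 4728, "TimeCreated": "2020-09-01T03:12:44Z",
                "TargetSid": DOM + "-512", "TargetUserName": "Domain Admins",
                "MemberName": "CN=svc-backup,DC=example,DC=test",
                "SubjectUserName": "jdoe"}),
    json.dumps({"EventID": 4728, "TargetSid": DOM + "-1105",
                "TargetUserName": "Helpdesk", "SubjectUserName": "jdoe"}),
    json.dumps({"EventID": 4756, "TargetSid": DOM + "-519",
                "TargetUserName": "EA-Renamed", "SubjectUserName": "asmith"}),
    json.dumps({"EventID": 4624}),
    '{"EventID": 4728, "TargetSid": ',  # truncated line from a broken export
]

if __name__ == "__main__":
    print(find_alerts(SAMPLE_EVENTS))
```

The renamed "EA-Renamed" group still alerts because the match is on the RID, and the truncated line is counted so a broken log feed shows up instead of silently hiding events.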

Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online.