
6/30/2020
02:00 PM
Mark Darby
Commentary

Don't Slow Cybersecurity Spending: Steer into the Skid with a Tight Business Plan

We all know there are slippery conditions ahead, which is why it's never been more important for organizations to maintain and even increase their spending on cybersecurity.

We can all agree that, on paper, it's a gloomy scene right now — an economy-stunning pandemic and now global civil unrest. Is it any wonder businesses the world over are tightening the purse strings? Gartner estimates a $6.7 billion overall decrease in spending for software and services for 2020. Forrester is echoing forecasts of spending pauses. If you're a professional facing a freeze against key security projects and hires, you need to arm yourself with persuasive arguments that benefit the bean counters.

Whether you're an information security-focused entrepreneur like me or a cybersecurity specialist, drastic reductions in spending in the sector should give you pause. The twin crises of a pandemic and global civil unrest represent fertile ground for bad actors. A sudden remote workforce due to COVID-19 is putting everyone's information security to the test, while global unrest brings with it the threat of physical as well as cyber-risk. In the race to meet ever-expanding security demands, it has never been more important for business continuity to take a holistic approach to your budget.

But you're a cybersecurity professional. This shouldn't be news to you. The real conversation to be had is how to make a business case that leaves no room for doubt that your projects are a resource priority within your organization. When you're influencing budget decisions around cybersecurity spending, there are several gears to shift.

  • Revisit your asset portfolio and risk assessment: We're experiencing unprecedented and growing levels of risk. Online threats have increased sixfold since the pandemic began, with phishing attempts soaring by more than 600% since the end of February. The World Health Organization has reported a fivefold increase in cyberattacks in recent months. Without a robust and joined-up approach to information security in place, you'll be open to supply chain disruption and reputational damage. Nobody needs that given the ambiguity of our current times.

  • Acknowledge the value of your talent: ISC.org suggests a supply gap of nearly 3 million cybersecurity positions. These folks are in demand and hard to retain. If they walk, their knowledge goes, too. A continued, dedicated investment in information security retains talent. A commitment to the highest possible global independent standard proves you're serious about what drives them and protecting their professional reputations as well as your data.

  • Spot the opportunity: Your organization needs to focus on growth as well as threat protection. While piecemeal investments in operational security might keep daily threats at bay, they don't contribute to the growth of the business. Buyers are more nervous than ever, and information management protocols based on recognized standards from organizations such as the International Organization for Standardization and the National Institute of Standards and Technology will likely give your organization an advantage when competing for business.

When pitching for your security budget, leverage support from those within your organization — as well as customers, partners, and supply chain — who'll see the benefit. Your public relations department will appreciate a positioning "good news" story, particularly if a competitor or player in your vertical has experienced a recent breach. Your colleagues in sales will always welcome additional selling points, like being able to demonstrate certainty around processing customer data.

Arm your CFO with a solid business case that he or she can confidently present in your absence. A respectable forecast against spending never fails to influence decision-makers in the right direction. Like most entrepreneurs, I've learned lessons the hard way, burning through money on poorly considered projects, wasting time, and investing in old ways of doing information security management that actually slowed growth.

One of the most valuable lessons I learned through hard experience is to apply a zero-based budget view for any proposed activity. This is still the approach my growing team takes when recommending spending decisions within our business and supply chain. It ensures we're continually interrogating our return on investment, ensuring, in turn, that our operational expenditure remains lean and effective.

We all know there are slippery conditions ahead, which is why now is the time for organizations to maintain and even increase their spending on cybersecurity, where that investment shows the return. Effective control and collaboration within your supply chain reduces risk and overall cost while improving business continuity and resilience. Those who make considered spending choices now will steer into the skid and find themselves ahead of the pack as they emerge into the new normal and beyond.


Mark is the CEO and founder of Alliantist and author of the business book Alliance Brand: Fulfilling the Promise of Partnering. With a background in business collaboration, organization development, and change management, Mark went on to develop cloud-based security system ...
 

Comments
Michelle McCarthy
User Rank: Apprentice
7/5/2020 | 11:13:47 AM
Re: Interesting
Agreed Ryan, it can be difficult. However, what I'm taking away from the article - and from what I understand of the landscape - is that strong cybersecurity brings with it significant business advantages, which should help make the case. Advantages that need to be pitched as absolute 'must haves' for business resilience and growth potential as we climb out from the current economic pause. Certainly, demonstrable commitment to cybersecurity makes an organization more attractive to do business with and therefore more competitive when it comes to tendering, winning contracts etc.

The zero-based budget approach is an interesting one to me. Many organisations operate a complicated framework of legacy systems when it comes to cybersecurity. It's possible that by stepping back and re-engineering existing systems, savings could be made while at the same time bolstering security. Applying some zero-based scrutiny of systems already in place could kill two birds with one stone. 
RyanSepe
User Rank: Ninja
6/30/2020 | 10:57:01 PM
Interesting
This article was an interesting approach. I guess it truly depends on how the pandemic affected your business bottom line. There were many good points in here but it can be difficult to make a cybersecurity pitch if your revenue was adversely affected due to the pandemic.