Don’t slouch — improve your cybersecurity posture

May 18, 2023
Organizations must understand that having a weak security posture is ultimately far more expensive than paying upfront before potential disaster strikes.

Today's organizations, from enterprise to SMBs, are constantly navigating a rocky and unpredictable security landscape. Now, another layer of difficulty has been added to decision makers’ plates: economic uncertainty.

The possibility of a global recession has left many on edge, and leaves CISOs to contend with the rising threat of cyberattacks and budget constraints. 

If an organization is considering cutting costs in the security department, they must understand that having a weak security posture is ultimately far more expensive than paying upfront before potential disaster strikes. 

To put the potential damage into perspective, the global average cost of a data breach increased 2.6% from $4.24 million in 2021 to $4.35 million in 2022 — the highest it’s been in the history of IBM Security’s “The Cost of a Data Breach Report.” 

According to Forrester, corporate boards and C-suites still largely view cybersecurity as a cost center, raising the possibility that critical investments will be rolled back or eliminated as companies are looking to make cuts. However, despite tightening wallets and shifting priorities, now is not the time to skimp on cybersecurity. 

Identifying Threats

Organizations need to evaluate where their security posture currently stands and keep in mind that cyberattacks aren’t going to wait – threat actors are always hungry for money, and hackers are always poking at enterprise infrastructure to test the waters for any way in.

If an organization’s security is lacking, attackers will find any unpatched vulnerabilities and unsecured databases, and they have a lot of money to make from negligence or even the smallest mistake.

Attackers who exploit those vulnerabilities are looking for two things: money and credibility. They may try to get this money from ransom payments, for example. But even if an organization doesn’t pay up, they can sell that data to others. And if by chance no one buys? They’ll give it away to gain credibility and reputation within hacker groups.

Identifying threats in a web of cyber challenges will greatly improve overall security posture, ultimately positioning companies for better protection and long-term success. 

Stretch Cybersecurity Budgets

It’s understandable that in the current economic landscape, many organizations are looking to scale down operations in any way possible. Cybersecurity budgets should not be one of them. 

During the Global Financial Crisis of 2009, internet fraud increased by 22% from the previous year; the amount of monetary loss from these crimes was just shy of $560 million. Not to mention, a cyberattack can incur both hard and soft costs, causing potentially irreversible damage to the company and its reputation.

Over the past few years, ransomware payments have steadily increased around the world, as well — in the United States alone, payments have increased 480% over the past two years, with the average payout being $170K in 2020 and just over $800K in 2022. This is just one hard cost of poor cybersecurity measures, and a clear example of why it's critical to maintain a strong cybersecurity budget. Some ways to get the most out of a cybersecurity budget include:

  • Using technology to mitigate staffing shortages – Cybersecurity talent is expensive and hard to find, but certain tools can help to improve processes in the meantime and streamline costs.
  • Lowering cyber-insurance premiums – Sometimes this can be as simple as implementing measures such as two-factor authentication. Take the time to determine how to invest time and money now to save time and money in the long run.
  • Consolidating tool stacks – Any cybersecurity analyst will say that too many tools can actually cause more difficulty – and cost more money – than they’re worth. Consolidating tool stacks can help cut back on the noise and the costs.

Improve Cybersecurity Posture

To prevent cyberattacks from wreaking havoc on their organizations, leaders should implement a preemptive security strategy from the outside in, detecting and eliminating exposures before others can. If there’s one thing companies can control in a time of economic uncertainty and pared-down teams, it’s their exposure risk.

Downsized cyber operations aren’t the only way hackers can find a way in. Even if an organization has a robust security budget, it is important not to overlook the seemingly small things that could potentially open the door to a number of threats, from third-party risk to nation-state attacks or insider threats from disgruntled employees. 

There are a few key measures that are essential to keep top-of-mind when considering priorities in a cybersecurity budget:

  • Don’t overlook basic IT measures for preventing attacks. These can include blocking specific ports and web pages in firewalls, blocking specific domains in email filters, properly patching devices, and closing any open sensitive ports on internet-facing devices.
  • Take third-party risk seriously. It is extremely important to evaluate partners carefully before fully trusting their own cybersecurity posture and sharing data with them. Put rules and restrictions in place with them and leverage external attack surface management (EASM).
  • Implement employee education. Ensure that employees understand what shadow IT is and how it can damage the company. Provide regular updates on known scams so that employees know what to look out for. Train employees to recognize files with ransomware extensions (e.g., .micro, .exx, .encrypt, .crypz). Conduct phishing drills as a way to keep employees alert and engaged in prevention efforts.

The simple fact is that cyberattacks rely on people slipping up. Either they fail to take an action that they should have taken in the first place, or they take an action that they should not have.

Recognizing the magnitude and detrimental long-term effects that a cyberattack can have on an organization is the first step in improving cybersecurity posture. Recognizing that there are no shortcuts to avoid hackers’ ever-evolving tactics and that cybersecurity must remain a priority throughout the organization even in a global recession is another step towards improvement.

Last, but certainly not least, taking preemptive action is the most important step in setting up an organization for long-term success.

Erwan Keraudy is Chief Executive Officer of CybelAngel. Prior to co-founding CybelAngel, Erwan was Deputy Chief Investment Officer in Mumbai at SBI Funds Management Private Limited, the largest bank in India. Previously, Keraudy was a Credit Trader and Portfolio Manager at Societe Generale Asset Management. Erwan is a postgraduate in economics from Manchester University and has earned an M.Sc. in finance from ESCP Europe, Paris. He is an alumnus of the Institut des Hautes Etudes de Defense Nationale with specific training on International Affairs and Strategic Intelligence.