It’s never an ‘easy’ day for cybersecurity teams. On one hand, they’re facing the potential concerns related to an economic downturn, especially tech start-ups. And on the other hand, organisations of every size are experiencing a significant cybersecurity skills gap paired with budget cuts despite the fact that there’s more malicious cyber activity than ever, including state-sponsored attacks on US businesses.
The good news is that history shows that cybersecurity teams are very unlikely to face cuts during a recession. Otherwise, this isn’t all bad news. There are opportunities for security leaders to realign and put all the right pieces in place for more efficient cybersecurity teams.
In this post, we’ll discuss how CISOs and security ops leaders can better manage their cybersecurity budget and risk while running more productive teams by using cutting-edge connected technology, strategic budgeting, and more effective internal security training.
1. Grow your cybersecurity team from within
Much like how a major league baseball team nurtures young talent through its farm league system, the best CISOs are growing their own talent by training interns or employees from other parts of the company. Security operations centre (SOC) analysts often transition into cybersecurity from another part of the IT department, and today the search doesn’t have to be linked to even the CIO organisation.
Economically speaking this is an innovative way to staff your SOC for a reasonable price: and the fact is with the skills shortage you may not even be able to find people externally. An internal development program also builds loyalty and retention. The upfront investment in training will pay dividends as the young staff flourish into cybersecurity pros and don’t bring bad habits with them.
2. Offload key tasks onto technology
Though investing in your team’s talent is an effective and strategic use of your cybersecurity budget, sometimes, you just need help faster. Some of today’s key skill shortage issues can be augmented with automation technology, such as machine learning (ML) and artificial intelligence (AI).
Automation combined with a platform with XDR capabilities (the automated collection and correlation of activity data across multiple security layers) effectively breaks down tech and team silos. This approach also helps to free up high-salaried, hard-to-find SOC analysts from having to manually track down every security incident.
Liberated from time-consuming “obvious” tasks that a machine can do more efficiently, analysts can dedicate more time to critical thinking. For instance, if data is suspiciously moving around in a company’s software supply chain network, ML alone is not likely enough to uncover the root cause. You want your best people doing deep investigations with the aid of technology so they can more effectively identify the root cause issue. They won’t be able to do that if they’re burdened with manually analysing the attack chain of the latest email compromise.
3. Get strategic and look for budget in non-standard places
And now for the elephant in the room: your cybersecurity budget. Experienced SOC analysts require a six-figure salary. But that is academic given that there is such a shortage of precisely these kinds of people.
There may, however, be a workaround. Many organisations may have pockets of budget floating around in IT departments that CISOs can use for tech deployment, training and hiring.
Look for shelf ware: it’s more common than you think for procurement departments to keep paying support maintenance fees for products the company no longer uses. A CISO could do an inventory of no-longer-in-use contracts and claim that budget as their own. And not just in security.
Another way to find budget is to look for volume discounting. For instance, various business units, not just IT, may be buying their own software licenses from the same vendor. The spend is spread across units and could qualify for a volume discount. A CISO could renegotiate volume discounts and claim that savings as cybersecurity budget. The business units may even be paying for product that is already covered under an enterprise license.
4. Use tools that work better together
Look for tools that work better together. Siloed products inevitably lead to visibility gaps and disconnected alerts that get ignored by team members suffering from alert fatigue.
CISOs will get more bang for their buck by leveraging a unified cybersecurity platform, wherein their endpoint, cloud, email, network, and mobile security tools are continuously sharing information and giving SOC teams full visibility into all their cyber assets and vulnerabilities.
A true platform is a ‘better together’ proposition that is more than a volume discount play, but instead a ‘better together’ technology where telemetry, reporting and response is made better than it would through a collection of point products that aren’t at all integrated.
A unified cybersecurity platform is a cutting-edge way for IT teams to respond faster to threats without being weighed down by administrative tasks that are better left to machines. This platform-minded strategy, along with savvy cybersecurity budgeting and the willingness to grow talent internally, will help keep CISOs ahead of today’s relentless cyber attackers.
The last recession didn’t see cuts to security budgets because the attackers themselves were more motivated due to the downturn, and it saw a change in the role of CISOs to be less in the trenches and more often in the boardroom. Given how attuned boards are to their responsibility for cybersecurity they likely won’t likely be putting their companies at risk.
To learn more about Trend Micro One and the benefits of a unified cybersecurity platform, check out these resources: