Security budget battles in the age of COVID-19

November 17, 2020

Budget bandwidth is often a strong contention point for businesses. And even with the increase in cybercrime threats, some firms still struggle to allocate proper budget allowances to meet security and regulatory requirements. According to a recent report by Accenture, organizations face on average 22 legitimate security breaches each year and the average cost of a single cyberattack is $380,000.

While the majority of business leaders and organizations understand the risks and potential impacts of cybercrime, oftentimes it is not prioritized from a budget perspective. Perpetual budget concerns have combined with the global pandemic, the strained global economy and the nearly overnight shift to remote work to produce two major challenges for security teams.

The first challenge presented by COVID-19 was a reduction in budgets for the majority of businesses. A recent global survey revealed two in five organizations opted to reduce cybersecurity budgets in order to cut costs as a result of COVID-19.

Secondly, COVID-19 caused the majority of organizations to shift to remote working in uncontrolled environments from more traditional working environments in which employees connected to their company networks via controlled office spaces.

This shift to remote significantly increased the number and variety of devices, connections and third-party services used by employees. Although many organizations had technology in place for remote work implementation (i.e. collaboration tools and teleconferencing) there is still added risk for security due to difficult-to-control remote working environments.

Understanding your cyber risk

In order for organizations to successfully manage and protect their data, it is necessary to understand the intricacies of their information and how it is stored. The following questions should be addressed in order to properly do this:

How and where is the company’s sensitive information stored?
What types of data are considered sensitive?
Who has access to the sensitive data?
What circumstances determine how sensitive data is accessed?
What procedures are in place to alert the appropriate teams and individuals when pertinent information moves locations?
What systems are in place to defend against unauthorized use (i.e. by potential cybercriminals) attempting to breach sensitive information?

Organizations that work to answer these questions will ideally then have the knowledge to accurately assess risk, create a plan and determine the most effective approaches in managing their information now and in the future. Additionally, answering these questions will provide a better understanding of data locations, security posture and access, which in turn establishes the foundation to managing both security and risk.

Adopting an on-defense mentality

The majority of organizations have adopted “defense-in-depth” strategies, which is a multilayer defense approach that analyze perimeters, network streams and accounts for endpoints and devices. This type of strategy has been adopted to improve the overall resilience of an organization. Organizations that have adopted these types of strategy are on the right path to securing their businesses; but they must realize and understand that while the technology to stop attacks at the perimeter is, it is not sufficient and not proven to completely protect against advanced and targeted cyberthreats and attacks. Endpoint visibility and control is essential in discovering and mitigating the impact and long-term effects of active and ongoing breaches as they may have already penetrated standard firewalls and anti-virus technologies.

More so than before due to reduced budgets and skilled labor shortages, organizations are recognizing the automation and efficiency gains provided by endpoint detection and response solutions. It is important to use multiple data analytics techniques and modern EDR tools to detect any suspicious system behaviors. EDR tools provide contextual information to security teams by automatically blocking malicious activity and proactively providing remediation suggestions and workflows to reduce downtime of impacted systems.

Finally, the continuous loop of endpoint data collection and analysis is critical for any organization to understand what is happening if a breach threat occurs. Additionally, the endpoint data will also be vital to ensuring ongoing regulatory compliance, reporting and verification should an incident occur.

What’s next for enterprise security

While the post-pandemic world seems closer in some regards, COVID-19 still presents a lot of uncertainty for organizations as the spike in cybercrime will likely continue. Organizations will need to either further embrace or transition to digital-first mentalities and with this business priorities must include cybersecurity prevention measures.

Notably, given the growing rate of cybercrime and cyber risks, there is a real need to prioritize education around cybersecurity for the next generation of IT and security professionals. This is especially needed due to the prominent and ongoing skilled labor shortages.

Digitization continues to bring the world closer and connect the world far more than ever before. While technology provided enterprise resilience in the midst of the COVID-19 pandemic, it has also increased cybersecurity risks. Along with this increase in connectivity, the ever-growing value of privacy and data protection has grown and exposed the great need for enterprise-grade endpoint detection and response solutions to reduce cyber risk and address threats before a breach occurs.

JJ Cranford is OpenText's Senior Product Marketing Manager.

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.