It’s no secret that the global economy has taken a huge hit over the past year. Industries have been decimated and we’re just starting to see signs of a slow recovery. Despite this, analyst firm Canalys has predicted that the global cybersecurity market will grow by up to 10% this year to top $60bn. This reflects the challenge businesses face as they fend off an increase in threats plus ever more sophisticated attack techniques. Our recent research revealed that the monetary cost of global cybercrime is around $945bn - highlighting just how much is at stake if organizations don’t spend their budgets smartly. So how can business leaders ensure their organization is spending their budget smartly whilst protecting data and systems against today’s rapidly evolving threat landscape?
Leverage Machine Learning and AI to Prioritize Threats
Both security professionals and business leaders need to be aware of what kind of threats are targeting their organization. With this knowledge, IT teams can pre-empt attacks and proactively respond with prescriptive, actionable security before getting hit by a threat. This might seem overwhelming but technology exists which allows businesses to navigate the situation. Solutions that uncover which threats are most likely to target an organization, due to its industry-type or geography, can help companies get ahead of adversaries. With this comprehensive intelligence to streamline risk and threat operations, IT can prioritize threats, pre-emptively improve defensive countermeasures and accelerate response times while using fewer resources. This type of AI augments human talent to expedite some of the more time-consuming analytics and correlation activities, thereby enabling timely decision-making and action.
A proactive approach will increase both time and budget efficiencies across the entire IT department. However, it’s important to remember that all cybersecurity investments need to play into the wider architectural strategy. This way, the threat landscape can be viewed in a more holistic manner as kill chains play out. Despite this, equal focus needs to be on responding to threats and an integrated architecture allows for this. Responses are able to be automated and agile, reducing the time and cost of human-only responses in a high-volume threat landscape.
Educating the Next Generation of Skills
Education is another critical pillar of smart cybersecurity investment. Research from the Department for Digital, Culture, Media and Sport found that in 2020, over half (51%) of organizations found it difficult to fill “generalist” cyber positions. To make matters worse, 25% of businesses claim that a cybersecurity skills gap has inhibited them from achieving their business goals, demonstrating just how essential it is that organizations are investing in training for their workforce. Beyond this, businesses must foster a culture of security at all levels and maintain an educated employee base as a first line of defense.
The Shared Responsibility of Security
Recent adoption of cloud services has been vast, with our research finding a 50% increase in enterprise cloud use across all industries between January and April 2020 alone. As organizations rely more heavily on cloud, it’s crucial that they consider the shared responsibility model: securing data in the cloud doesn’t fall solely on one party. All stakeholders, from cloud service providers to end-users, have a role to play in this layered defense. A collaborative approach to security ensures businesses can meet today’s security challenges and spend their security budget more wisely.
While a collaborative approach is key, businesses must support this with a Zero Trust approach to security. This involves leveraging third party cloud services and infrastructures, yet retaining visibility and control of risks under the assumption that the underlying services cannot be trusted. Zero Trust is a strategy, not a solution, and should be adopted as a component of a company’s security architecture.
The pandemic has driven a cataclysmic shift in the threat landscape, and there needs to be a resulting culture shift in how businesses view cybersecurity. By considering it as an investment – rather than a cost – organizations can focus on smarter, more long-term spending. Ultimately, this will not only protect the business but also enable new growth, innovation and resiliency.