It’s never an ‘easy’ day for cybersecurity teams. On one hand, they’re facing the concerns related to a potential economic downturn. Tech start-ups are under considerable pressure, given higher interest rates and a shortage of venture and private equity funds. And on the other hand, organisations of every size are experiencing a significant cybersecurity skills gap paired with budget cuts despite the fact that there’s more malicious cyber activity than ever, including state-sponsored attacks on US businesses.
For security teams facing any cuts or having to rationalise their budgets, there are opportunities for security leaders to realign security spending without sacrificing efficiency.
In this post, we’ll discuss how CISOs and security ops leaders can better manage their cybersecurity budget and security risk while running more productive teams by using cutting-edge connected technology, strategic budget allocations, and more effective internal security training.
4 Tips for Better Budget Management
1. Grow your cybersecurity team from within
Much like how a major league baseball team nurtures young talent through its farm league system, the best CISOs are growing their own talent by training interns or employees from other parts of the company. Security operations centre (SOC) analysts often transition into cybersecurity from another part of the IT department, and today the search doesn’t have to be linked to even the CIO organisation.
Economically speaking this is an innovative way to staff your SOC for a reasonable price: and the fact is with the skills shortage you may not even be able to find people externally. An internal development programme also builds loyalty and retention: an ISACA survey found that after pay, limited promotion or development opportunities was the main driver for cybersecurity professionals leaving their job.
The upfront investment in training will pay dividends as the young staff flourish into cybersecurity pros and don’t bring bad habits with them.
2. Offload key tasks onto technology
Though investing in your team’s talent is an effective and strategic use of your cybersecurity budget, sometimes, you just need help faster. Some of today’s key skill shortage issues can be augmented with automation technology, such as machine learning (ML) and artificial intelligence (AI).
Automation combined with a platform with XDR capabilities (collection and correlation of activity data across multiple security layers) effectively breaks down tech and team silos. This approach also helps to free up high-salaried, hard-to-find SOC analysts from having to manually track down every security incident.
Liberated from time-consuming “obvious” tasks that a machine can do more efficiently, information security analysts can dedicate more time to critical thinking. For instance, if data is suspiciously moving around in a company’s software supply chain network, ML alone is not likely enough to uncover the root cause. You want your best analysts doing deep investigations with the aid of technology so they can more effectively identify and limit the scope of cyber threats. They won’t be able to do that if they’re burdened with manually analysing the attack chain of the latest email compromise or ransomware attack.
Natural language AI is an assistive technology that can have very high value in a SOC. For junior analysts, asking a natural language companion questions can help them explain alerts, navigate through the infrastructure, form queries, and give recommended actions. For senior analysts, they can save time by having an AI companion pull together conclusions from complex queries, and decrypt the meaning of complex scripts. Any time saved by senior analysts means they can be doing more, and finding things faster.
3. Get strategic and look for budget in non-standard places
And now for the elephant in the room: budget allocation. Experienced SOC analysts require a six-figure salary. But that is academic given that there is such a shortage of precisely these kinds of people.
There may, however, be a workaround. Many organisations may have pockets of budget floating around in IT departments that CISOs can use for tech deployment, training and hiring.
Look for shelf ware: it’s more common than you think for procurement departments to keep paying support maintenance fees for products the company no longer uses. A CISO could do an inventory of no-longer-in-use contracts and claim that budget as their own. And not just in security.
Another way to find budget is to look for volume discounting. For instance, various business units, not just IT, may be buying their own software licences from the same vendor. The spend is spread across units and could qualify for a volume discount or the business units may even be paying for product that is already covered under an enterprise licence.
4. Use tools that work better together
Look for tools that work better together. Siloed products inevitably lead to visibility gaps and disconnected alerts that get ignored by security team members suffering from alert fatigue.
CISOs will get more bang for their buck by leveraging a cybersecurity platform, wherein their endpoint, cloud, email, network, and mobile security tools are continuously sharing information and giving security teams full visibility into all their cyber assets and vulnerabilities.
For example, stand-alone tools such as cloud security posture management (CSPM), attack surface management (ASM), and email security deployed individually provide some value, however when integrated and interacting as part of a platform their value and utility can increase by magnitudes.
Attackers are today focused on moving laterally and avoiding areas of higher detection, so joining together the “telemetry breadcrumbs” can mean identifying attacks sooner, and with greater confidence especially when blocking and remediating.
A true platform is a ‘better together’ proposition that is more than a volume discount play, but instead a ‘better together’ technology where telemetry, reporting and response is made better than it would through a collection of point products that aren’t at all integrated.
Next steps
With the ever-increasing number of cyberattacks and data breaches, the expanding digital attack surface, a global skills shortage, and an uncertain economy, CISOs need to take a more unified approach to cyber risk.
The last recession didn’t see cuts to security budgets because the attackers themselves were more motivated due to the downturn, and it saw a change in the role of CISOs to be less in the trenches and more often in the boardroom. Given that cybersecurity is becoming more widely viewed as a business priority, the c-suite won’t likely be putting their companies at risk.
To learn more about Trend Vision One™ and the benefits of a cybersecurity platform, check out these resources: