Aligning security and business strategies

By Sean Duca, vice president and regional chief security officer for Asia Pacific and Japan at Palo Alto Networks

Some economists predict that we could soon face a global recession. Looking at history, this does not bode well for levels of cybercrime. However, there is some evidence that macroeconomic conditions can impact cybercrime. In times of economic downturn, for example, cybercrime may increase as people turn to illegal activities to make money. During the 2008–2009 Global Financial Crisis (GFC) and subsequent recession, researchers noted that cybercrime rates increased dramatically. Their report focused exclusively on financial cybercrime, including identity theft. It attributed the rise to the proliferation of new technologies in regions around the world, with many more people than ever before possessing IT skills.

Adapting to an evolving cybercrime landscape

Cybercrime is constantly evolving. To keep ahead of cybercriminals, organizations must remain agile, pivoting to embrace new strategies and technologies whenever necessary in order to outrun attacks. When businesses are struggling due to the recession, there’s a strong temptation to look for ways to cut spending.

This is the time when many CFOs trawl through every line item in the budget, looking for potential savings. Any non-essential expenditure that can be cut, or postponed, will be. This can be a challenge to cyber budgets in organizations where security is viewed primarily as a cost center.

However, for another smaller group of CFOs, cybersecurity is viewed as an area to discover potential savings. After all, most cybersecurity expenditures are aimed at preventing potential problems. As a result, it’s hard to calculate its ROI, but knowing cybercrime rates are likely to rise during tight economic times, these leaders understand that cutting cybersecurity expenditures could, in fact, cost more than they had anticipated.

Taking a long-term approach to cybersecurity expenditures

Investments in cybersecurity are cumulative and allow organizations to build up their resilience to cyberthreats incrementally over time. So when an organization starts cutting back on its cybersecurity program, it can take many years to build back up to the level of cyber maturity it had before the belt-tightening.

Any minor savings achieved by cutting cybersecurity budgets in the near term could make your organization easy prey for cybercriminals whilst they actively hunt for their next victim. Moreover, if breached, your cybercrime losses could dwarf any budgetary savings. As a result, it’s essential to work closely with your CISO and security team to understand the tools they rely on most to keep up with the relentless pace of cyberthreats catalyzed by competent, well-funded, and motivated adversaries.

How organizations can gain efficiencies from security choices

Complexity can make managing and securing an organization’s systems and data challenging. It can be challenging to keep track of all the components and ensure they are correctly configured and secured. This complexity can make identifying and responding to potential threats harder.

Second, complexity can make it more difficult for an organization to communicate effectively and coordinate its cybersecurity efforts. For example, suppose an organization has multiple teams or departments responsible for different parts of its cybersecurity strategy. In that case, ensuring that everyone is working together and following the same processes and procedures can be challenging.

Overall, it is vital for organizations to carefully manage the complexity of their cybersecurity efforts to protect their systems and data effectively. Moreover, it may involve implementing processes and technologies to help reduce complexity and streamline cybersecurity management, and train employees to understand and follow best practices.

In these challenging macroeconomic times, consolidation becomes a key priority to address a dozen tools by leveraging a platform or, as Gartner has referred, a cybersecurity mesh. Gartner believes that by 2024, organizations adopting a cybersecurity mesh architecture will reduce the financial impact of security incidents by an average of 90%. ¹   That’s a number no CFO would want to ignore.

Cyber resilience isn’t always about increased expenditures. Cyber budgets must be spent wisely, often without increasing costs or targeting the most likely risks. That starts with your crown jewels, who has access to them, and how they are protected. You can work with your security leaders to align on platforms that positively impact the health of your security.

1. Felix Gaehtgens et al, Top Strategic Technology Trends for 2022: Cybersecurity Mesh, Gartner, October 18, 2021

For more cybersecurity thought leadership, please visit us online.

About Sean Duca:

Sean is vice president and regional chief security officer for Asia Pacific and Japan at Palo Alto Networks. In this role, Sean spearheads the development of thought leadership, threat intelligence, and security best practices for the cybersecurity community and business executives. With more than 20 years of experience in the IT and security industry, he acts as a trusted advisor to organizations across the region and helps them improve their security postures and align security strategically with business initiatives.

Prior to joining Palo Alto Networks, he spent 15 years in a variety of roles at Intel Security (McAfee), with his last position as the Chief Technology Officer for Asia Pacific. Before this, Sean was involved in software development, technical support, and consulting services for a range of Internet security solutions.