Balancing cybersecurity costs and business protection

Here’s how businesses can keep cybersecurity costs optimised without compromising on long-term protection

As we enter a period of economic uncertainty, cost savings will be high on the business agenda – even cybersecurity budgets will come under threat. Yet, with the frequency of attacks increasing, slashed spending in this area could prove a false economy as any vulnerability could be incredibly damaging. It may result in additional costs – both financial and reputational – later down the line.

For many SMEs, cuts to cybersecurity budgets may feel justified due to a lack of breaches encountered in the past. However, the reality is those defences are why they’ve never had an attack. You wouldn’t get rid of a house alarm because you’ve never been burgled. Cybersecurity should be no different.

Organisations may also think they can do away with security measures because they’re too small – that they’re not a juicy enough target. But the opposite can be true. Hackers can see smaller businesses as easy prey that won’t have the same calibre of defence as a large corporation – and more likely to give in to demands too.

We have seen instances of smaller businesses capitulating to ransomware exploitations, when the hackers encrypt files and demanded a fee of a couple of thousand pounds to unencrypt them. Smaller organisations often calculate that this is a relatively small cost compared to the potential implications.

>See also: Cybersecurity jargon impacting communication between C-suite and specialists

Getting value from every pound

Instead of immediately jumping to cut the budget therefore, organisations should instead be looking to deliver value from their investments. They can do this by, firstly, ensuring that the potential of every pound spent is being fully realised and, secondly, ensuring any additional investment is being spent in the right areas – training, for example, is one area that is sure to deliver ROI.

One way organisations can make sure they’re getting full value is by making the most of the cloud. When SMEs opt for a bundle package from a provider like Google or Microsoft, they typically include lots of security measures as standard – yet these are not always utilised.
Functions such as multi-factor authentication, which add an extra layer of protection, are too often not switched on – despite being simple to set up (all you need is a smartphone).

A people-focused approach

When thinking about cybersecurity, another area that is often overlooked is the possibility of human error. While the risk of an employee retaining data accidentally can be just as serious as an external hacker, preventing accidental breaches shouldn’t cost the earth and there are simple ways to minimise the chance of one happening.

Regular training is the most effective ways to prevent a slip-up and will empower staff to stay on top of new threats. It’s important, however, that this training is targeted and being applied in the right areas.

For example, one way to understand where the gaps might be is to prepare employees for common exploits by running simulated attacks. This can involve sending spoof emails or ‘dodgy’ links to see how employees react. This isn’t about catching people out but pinpointing any weak spots and identifying any areas where employees may need additional support.

Stopping malicious insiders

We must also confront the possibility that malicious acts can be carried out deliberately by disgruntled employees leaving the organisation in the wake of redundancy. This can have serious implications for an organisation’s compliance or insurance status.

For example, we had a school approach us who had had their entire database wiped by a resentful ex-member of staff whose access permissions had not yet been changed. Ensuring that the necessary protocols are in place – and that they’re being followed – is easy and costs nothing. And it may save you from paying the price later.

While the current climate is certainly challenging, businesses shouldn’t have to choose between savings and safety. When there are steps organisations can take to ensure they’re maximising their ROI, they will not have to spend more to prevent their company being compromised.

Richard Nelson is senior technical consultant at Probrand


How securing cloud data saved one business £18,000 — Here’s how businesses can go about properly securing their cloud data and save thousands.

Five defence-in-depth layers to implement for business security success — The ideal steps that your organisation can take towards true defence-in-depth across the whole business.