4 Ways IT Pros Can Maximize Cybersecurity on Waning Budgets
In the effort to safeguard their network and data assets, technology security professionals walk a thin line. On one hand, they are tasked with keeping systems secure at a time of escalating threats. At the same time, security budgets may be stagnant or shrinking, as organizations tighten their belts in the face of economic uncertainty — potentially derailing needed investments in security.
With a thoughtful IT management strategy and the right mix of tools — including multi-factor authentication (MFA) capabilities, public key infrastructure-as-a-service (PKIaaS) and Fast Identity Online (FIDO) — it’s possible to keep ahead of the threat.
Cybersecurity and the SMB Landscape
Many SMB technology leaders find they are running lean. In a recent Neustar International Security Council survey, for example, nearly half (49%) of security decision-makers said their cybersecurity budget was insufficient to fully address the present need. Eleven percent said they can only protect mission-critical assets. And a whopping 69 percent worry that budget constraints limit the use of new cyber tools and strategies.
Technology has been at the forefront of expanding business capabilities in recent years. Increasing reliance on digital solutions helps businesses to grow, but it also widens the cyber-attack surface that security professionals need to defend. “Now, with growing economic uncertainty creating additional pressure, they are being asked to do more with less,” Forbes reports.
There are over 32 million small businesses in the United States, the U.S. Small Business Administration reports. They’re the target of 43% of cyberattacks, and 83% say they aren’t financially prepared to recover from a major incident, according to Cybersecurity Magazine.
With the shift to remote work, many are looking to outside service providers to help them maximize the use of their resources. In the HID 2023 State of Identity Report, for example, 81% of respondents offering a hybrid work model (both in-office and remote work) said they require identity management delivered “as a service” rather than via on-premises infrastructure in order to expand.
How else can SMBs stay ahead of the cyber threat in uncertain economic times? A number of key strategies point the way forward.
Cost-Effective Cyber Strategies
Challenged to do more with less in these uncertain economic times, SMB technology leaders and security professionals can leverage a number of key strategies:
- Prioritize investments — To safeguard digital resources amidst shrinking budgets, IT leaders need to prioritize their existing projects and carefully weigh new expenditures. They need to take a hard look at which cyber defensive tools and technologies are most important in reducing their risk. Quantitative analysis helps here.
“To strengthen the foundation for strategic security decision making, it is preferable to prioritize threats on the basis of actual observations (evidence) rather than human opinions,” according to the IT professional membership organization ISACA. Businesses can better plan their cyber spending “by leveraging the vast amount of threat-related data that enterprises maintain … such as security monitoring and incident workflow solutions.”
- Conduct an ROI analysis — Organizations can and should quantify the short- and long-term impacts of their cyber investments. To determine their return on investment, they can measure not just the frequency of incidents and time to remediation, but also things like risk reduction and reputational harm.
“By understanding cyber risk through the lens of ROI, organizations can better measure the impact of various attacks on their business. Such methods lead to a clearer calculation of the organization’s cyber-risk appetite, which in turn supports the development of a more informed strategy,” according to the Internet Security Alliance.
With any security decision, “you’ll benefit from the ability to determine the cost of a potential risk versus the cost of the control,” according to the Center for Internet Security. Running an ROI analysis will enable IT leaders “to determine which risks are the most cost-effective to address and which will help prioritize your defense strategy.”
- Work across the organization — Cybersecurity these days is a team effort, involving not just IT and end-users, but others across the leadership team. To make effective use of their resources, SMB technology professionals need to find potential allies throughout the organization. This includes partnering with the physical security team.
“Although physical security is absolutely critical to maintaining network security, it is among the most often forgotten aspects of protecting a network,” according to the EC-Council, a cyber-credentialing organization. IT leaders can stretch their budget further by working in close collaboration with those tasked to secure servers and other hardware, as well as the physical premises where the technology lives.
- Avoid rip-and-replace hardware upgrades — Rather than scrapping existing hardware-based security solutions, IT can build robust defenses more effectively by leveraging cloud-based security to cost-effectively upgrade their security programs.
Some will leverage cloud-based PKI-as-a-service to help with the lifecycle management of their public key infrastructure certificates, while others will leverage FIDO to achieve passwordless authentication. In addition, cloud-based solutions can help SMBs to implement multi-factor authentication, at a time when only 14% of SMBs consider their existing cyberattack and risk mitigation abilities to be highly effective. In fact, some 80-90% of cyberattacks could be prevented by the use of MFA, Infosecurity Magazine reports.
Overall, SMBs need to be strategic about their defenses in order to maximize the impacts of their limited budgets. Cybersecurity “cannot simply be ‘bolted on’ at the end of business processes,” according to guidance from the Internet Security Alliance. “Security practices need to be woven into an organization’s key systems, processes, strategy and culture from end to end.”
With a proactive strategy in place, IT leaders will be better positioned to help small and midsized businesses address the growing cyber challenge, without busting the bank.
As they align their resources, many will turn to MFA tools and capabilities. In the HID identity report, 67% of respondents state that MFA and passwordless authentication are most important to adapting to hybrid and remote work — a challenge many SMBs have already learned to see as the new normal today.
And with as-a-service offerings, IT can shift many of the mundane daily cybersecurity tasks onto a third party. This in turn frees up IT talent for higher-level tasks, while also ensuring that the needed protections are delivered reliably and within budget.
Katie Björk is the Director of Communications and Solution Marketing at HID. She has nearly 20 years of experience in marketing, communication, market research and change management strategy for several large companies and multiple industries globally. In her current role, Katie is a member of her business unit’s leadership team and focuses on studying the market and ensuring the delivery of an unparalleled user experience in the world of Identity and Access Management.