By Joe McPhillips, APJ Senior Director for Channel Business at SentinelOne
According to most economic forecasters, a recession seems almost inevitable in 2023.
The World Bank cut its growth outlook from 3% to 1.7%, and companies have either
started laying employees off or warning that layoffs are coming. It’s an unfortunate
reality that could have a significant impact on your customers’ approach to
cybersecurity.
Companies cut back on their cybersecurity activities during the recession of 2007-2009. Scheduled network layer technology refreshes were canceled, investment budgets for cybersecurity technology were slashed, and headcounts for cybersecurity staff to
protect their digital assets were dropped.
With advances in cyber threats, allowing your customers to take a similar approach would be disastrous. Employees could easily evolve into insider threats, and having fewer eyes watching systems make it more likely that attacks would get through. Stolen data, encrypted files, and ransomware are on the horizon for any company that fails to safeguard its perimeter, which could then bring on increased government fines for things like GDPR inadequacies.
Security teams need to take steps today to improve their network’s security.
Pitch the ROI
Most businesspeople don’t view cybersecurity through an ROI lens. They look at it as a necessary expense or cost of doing business. However, you must demonstrate to your
customers need to present ROI to their board of directors to convince them of the
need for cybersecurity.
Calculating ROI for cybersecurity isn’t that complicated, but it requires using local
industry data. The best way for your customers to begin is by monitoring attempted
hacks on their company’s perimeter through their logs. IBM reported that the average
breach cost a company over $4.24M. While this number needs to be adjusted to your customer’s location and industry, it gives a starting point for demonstrating the ROI from
endpoint protection.
Determining the cost of a breach on lost business is another way your customers can
demonstrate cybersecurity ROI. Work with them to determine the number of days the
company would lose business and the amount that would cost. Make sure they add in
the cost to recover data loss and factor in customer churn, as many customers will look
for businesses that appear to be safer.
Finally, have them remind their board of directors about the government fines that could
be levied against them in the event of a data breach. You can calculate all potential
costs that stem from attacks, subtract the cost of running the cybersecurity program,
and present that data to your customer’s board to demonstrate the value your
cybersecurity program adds to their company.
Increase Automation
Cybersecurity programs are most successful when they combine automation with
human intelligence. Automated tools scan endpoint devices, correlate data from across
the network, generate protection ahead of an attack, and detect threats that have
already entered the network.
Helping your customers increase their level of automation during periods of economic
uncertainty is an excellent strategy for protecting corporate assets. While they can't
replace humans, automated tools are far better than people at scanning millions of lines
of code and detecting anomalies, turning raw data into knowledge. Once detected,
human cybersecurity professionals can analyse results and take necessary steps to end
the threat and prevent future breaches.
Add Threat Hunting Activities
Layoffs may be coming to legitimate businesses, but threat actors are still working hard
to breach networks, deploy ransomware, and steal your customer’s data. Taking a
proactive approach during these periods is a reasonable use of resources in defending
company assets. When done effectively, threat hunting discovers hidden advanced
persistent threats (APT), attempts at cybercrime, poor security practices, and
environmental vulnerabilities.
Threat hunting enables organisations to find breaches that have slipped past the
security shield and are dormant until activated. This activity enables your customers to
stay ahead of the latest threats and stop breaches from turning into full-blown attacks.
While threat hunting can be done manually, it is far more effective and significantly
quicker to supplement efforts with automated tools.
Strengthen Your Cybersecurity Posture During Economic Uncertainty
It’s unfortunate, but cybercriminals take advantage of any weaknesses they discover.
Many businesses will undoubtedly cut back on their cyber security program as they ride
out the predicted recession, opening the door to cyberattacks. By continuing to invest in and prioritise cybersecurity, your customers will be able to
emerge stronger when the economy improves.