10 Belt-Tightening Tips for CISOs to Weather the Downturn>
Bank Info Security – Anna Delaney
The article highlights several key strategies for maintaining effective cybersecurity practices during lean times.
Here’s a summary of the recommended approaches:
1) Look for ways to consolidate security tools: A recurring theme among the CISOs was the cost of growing portfolios of security tools.
While many companies have invested in best of breed solutions, software costs are a prime candidate for belt-tightening.
2) Prepare for vulnerabilities in IT operations: The article warns that operational IT teams may face cutbacks, which can lead to delays in applying patches and potential exposure to more vulnerabilities.
Monitoring patching programs and staffing levels, and agreeing on an acceptable level of risk, is advised.
3) Renegotiate contracts with managed services vendors: Organizations already using managed security services (MSS) vendors can explore renegotiating contracts for cost reductions and consolidating vendors.
The article specifically mentions cost reduction opportunities in capturing and managing logs.
4) Assess supply chain partners: It is crucial for organizations to evaluate the cybersecurity practices of their supply chain partners, as they can be potential weak links.
Vetting suppliers, educating them about cybersecurity practices, and helping strengthen their programs are recommended.
5) Enhance cyber awareness training: Regular employee recognition, integrated security training into everyday roles, and celebrations and acknowledgments of security-conscious behavior are suggested to build a security culture.
6) Focus on incident response and resiliency: Lessons learned from the pandemic can be applied to improve incident response and resiliency planning.
Comprehensive plans covering both IT and OT, involving relevant teams and board members, should be developed and tested.
7) Strengthen email defenses: Email is a commonly exploited attack vector, emphasizing the need for robust email security.
Upgrading email security measures and configuring policies to prevent initial attack vectors are recommended.
8) Automate security processes: Automation can help speed up threat detection and response even with limited resources.
It is essential to ensure trust in the automated tools and maintain visibility into their operations.
9) Seek projects to reduce cyber insurance costs: As cyberattacks increase, cyber insurance rates rise.
Organizations investing in cybersecurity and risk management are rewarded by insurance companies.
Focusing on what matters most in cybersecurity can help mitigate insurance costs.
10) Train and hire security specialists from within: Cultivating security talent from existing IT employees through training programs is a cost-effective approach compared to recruitment.
Developing team members who are willing to learn can help maintain a skilled cybersecurity workforce.
Overall, the article emphasizes the need to focus on long-term cybersecurity strategies, even amidst lean times.
Short-term decisions, like major cuts in cybersecurity programs, may lead to legal liabilities and reputational damage in the event of a data breach.
Link: https://www.bankinfosecurity.com/10-belt-tightening-tips-for-cisos-to-weather-downturn-a-21321