For Recession-Proof Security Spending, Embrace The Value Of Multi-Layered Integrations

Tonight’s task in the hands of the team

Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for success. Learn More


The global economic conditions of 2023 have raised the stakes for maintaining a strong cybersecurity posture. With budgets scaled back amid layoffs and narrowing margins, the need to adopt recession-proof cybersecurity approaches has come to the forefront as understaffed security teams face increasing pressure to do more with less.

A raised profile for cybersecurity

Corporate boards are starting to allocate more attention to cyber initiatives alongside a long list of other priorities amid constantly changing economic conditions. However, the increased attention hasn’t exactly translated into additional funds for CISOs. Two-thirds (66%) of respondents in Mimecast’s newly released State of Email Security Report 2023 said their organization’s cyber-defense budget is less than it should be. The sentiment reinforces a similar tone from the annual report’s 2022 version, which found that respondents with a reduced cyber budget were nearly united (95%) in agreeing their organization’s cyber-resilience was impaired.  

With that in mind, the reality of our socioeconomic climate raises an interesting question pertaining to effective cyber spending: What cost-efficient security investments should organizations prioritize to ensure they can work protected and emerge from the possible downturn unscathed? 

For CISOs across sectors, that is the million-dollar debate — and their decisions could make or break their business for years to come.

Event

Transform 2023

Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.

Register Now

If recent history is any indication, economic uncertainty breeds cybercrime. Take the Great Recession of 2008, when cybercriminal activity rose by 40% in the two years following the downturn’s low point. It’s important to remember that back then, modern enterprises were far less dependent on the cloud-based networks and operational technologies that are staples of today’s remote work culture. The plethora of business collaboration tools like Slack and Microsoft Teams, emerging vectors of the hybrid attack surface, didn’t even exist yet.

So, after 12-plus years of rapid digital transformation across traditional enterprise ecosystems, threat actors have an extensive range of new vulnerabilities to exploit. Coupled with a growing cybersecurity talent shortage amplified by precautionary hiring freezes, organizations should expect sharp upticks in human error, social engineering, ransomware and insider threats both during and after the current downturn. 

The action (or inaction) they take today will dictate their ability to weather the storm tomorrow.

Not the time for experiments 

In a perfect world, a conventional approach to recession-proof cyber spending would be to invest in a robust arsenal of best-of-breed technologies that address every intricacy of NIST’s five-tiered cybersecurity framework.

Except this situation isn’t that simple. For starters, the myriad tools and technologies that comprise such an arsenal are expensive to adopt, complex to deploy and difficult for security teams to learn on the fly.

Additionally, most enterprises lack the financial flexibility to invest in niche solutions from boutique vendors that are often high-priced and unproven. With the margin for spending error exceedingly slim, this is not the time for experimentation.

To maximize the return on their tech stack, organizations should instead structure cyber spending around a multi-layered security architecture — investing in credible, established vendors that offer interoperable solutions within an integrated framework aligned to their unique risk profile.

In turn, CISOs can leverage technology to optimize their people and processes, automating manual tasks and routine functions with AI and machine learning for higher levels of operational efficiency. 

Multi-layered security architectures have a double benefit for cost efficiency: they preserve both human and financial capital. Empowering security teams to eliminate tedious workflows helps reduce constraints associated with the skills gap, burnout and tool sprawl currently afflicting the cyber workforce. Our company’s independently-commissioned State of Ransomware Readiness Report found that more than 54% of cyber professionals believe the nature of their job has a negative effect on mental health, as their roles and responsibilities become more stressful each year. Additionally, 34% of leaders reported struggling with recruiting essential IT staff after an attack.

Consolidating security frameworks with a deep library of API and third-party technology integrations alleviates the complexity of a bloated tech stack. Modern enterprises leverage as many as 75 different tools and technologies, yet only 28% integrate a SOAR or SIEM platform to drive defenses.

Prioritizing consolidation reduces the burden on employees forced to master dozens of tools at a time while also eliminating the costs of unnecessary sprawl and annual renewal contracts. It creates a more agile security posture that minimizes complexity and mitigates risk without breaking the bank. 

Turning insights into action 

The operational benefits of a multi-layered security architecture are continuous and wide-ranging. By combining the core capabilities of various fundamental security tools into a universal line of defense, organizations can automate the analysis of third-party telemetry data to align prevention, detection and response processes across multiple controls.

That intelligence data is simplified into actionable insights delivered over the integrated platform in real time, generating a holistic view of the organization’s end-to-end security environment through a single pane of glass. The centralized visibility serves as a guiding light for security operations center (SOC) teams to make the right moves at the right times for enhanced efficiency. For example: 

Use case 1: Streamlined incident response

Envision an SOC incident responder who was just alerted about a suspicious attachment that entered the organization’s network via Microsoft Teams. Typically, they would spend hours manually investigating the potentially malicious activity, analyzing multiple siloed security sources to seek intelligence, including detonating the file, determining its origin, and identifying how many devices it had infiltrated. Rinse, wash, repeat. 

But with a multi-layered security architecture, that elongated process is streamlined from the moment the alert is received. The analyst could use the integration’s SOAR tool to automate the extraction of metadata from a corresponding collaboration security solution that first flagged the IoC.

The SOAR runs the datasets through three additional security tools also integrated within the framework, and then creates a series of simplified directives informing the analyst on how to respond. What was once a multi-hour manual workflow comprised of tedious copying and pasting is trimmed down to about 90 seconds.

Use case 2: Efficient threat intelligence sharing

Now, envision that same security analyst who effectively remediated the incident, but is still tasked with performing damage control to prevent recurring breaches. This requires swift sharing of threat intelligence across the organization’s entire security ecosystem — instructing its fellow endpoint, web, data, network and application security tools to also block the suspicious IoC should it return. Again: rinse, wash, repeat. 

A multi-layered security architecture, however, would allow the analyst to forgo all that manual patching and updating across five different platforms. Since every system within the integrated framework is interoperable, intelligence sharing is automated across the ecosystem via customized scripts, continuous feedback loops and universal block lists. Another multi-hour manual workflow trimmed to merely minutes.

Use case 3: Targeted XDR capabilities

Finally, envision the same SOC team’s threat hunters who are responsible for proactively identifying similar IoCs before they bypass protections. With siloed security tools, it’s a tedious process comprised of manually sifting through hundreds of incoming alerts to determine their relevancy based on the organization’s risk profile — essentially searching for a tiny needle in a massive digital haystack. Rinse, wash, repeat. 

With a multi-layered security architecture, threat hunters can instead create customized scripts within the overarching integration library, formulating targeted XDR capabilities constructed around the organization’s unique security needs and risk profile. These automated processes could, in theory, continuously flow from an email gateway/SSE to the integrated framework’s corresponding XDR system, sharing contextual intelligence on various IoCs, metadata, rich logging, malicious URLs, user activity and data movement in real time. The contextual information in turn eliminates hours of mundane work by informing threat hunters which threats to prioritize that day.

Doubling down on interoperability

The realities that come with a potential economic downturn on the horizon are clear. Even amid the current landscape, more must be done across the cyber community that positions strained SOC teams to fight back against threats and swing the balance of power away from adversaries. For organizations with reduced cyber budgets and widening skill gaps, rallying around core sets of key capabilities that are tightly integrated is imperative. A multi-layered security architecture is the bridge that can get them safely to the other side.

While we can’t always control the ripple effects of a volatile market environment, what we can control is how we respond to them. The ball is in our court — now is the time to deploy a true team-sport approach through interoperability.

Joseph Tibbetts is senior director, tech alliances & API at Mimecast

DataDecisionMakers

Welcome to the VentureBeat community!

DataDecisionMakers is where experts, including the technical people doing data work, can share data-related insights and innovation.

If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data tech, join us at DataDecisionMakers.

You might even consider contributing an article of your own!

Read More From DataDecisionMakers