As 2020 dawned, finishing touches were put on company strategies -- plans were being completed and budgets confirmed. All was relatively normal in the world, even for chief information security officers (CISOs).
As security and risk management executives, CISOs are tasked with formulating the strategy for identifying threats, mitigating risks, and protecting the enterprise, its customers, and shareholders from the devastating financial losses associated with successful cyberattacks.
Then the COVID-19 crisis struck and changed everyone’s plans, including those of the CISO. CISOs suddenly had to deal not only with the security risks of an entire company working from home, but also with surging internet traffic that hid the malicious activity of bad actors as online became the only viable channel for customers in lockdown.
More than 70% of CISOs and security buyers believe budgets will shrink by the end of 2020. (1)
How can CISOs and their teams accomplish more with a smaller security budget?
We have taken tried-and-true cybersecurity best practices and strategies and adapted them to this year’s new reality.
1) Identify and document the assets that need the most protection
It goes without saying that you cannot protect what you do not know about. Websites are highly visible, so CISOs can identify the risks to them, while attacks such as account takeover continue to present a major challenge. APIs, however, are more challenging to evaluate. Many security teams can’t assess the risk to their company because they don’t have visibility into all of the APIs in use. As a result, CISOs need to work across their organizations to identify all of their APIs, including those used to authenticate users and to develop mobile apps.
2) Align security budgets with business goals
Business alignment is a core component of a successful security operation, and CISOs can help business leaders across the organization achieve their goals. For example, keeping synthetic traffic off your site will not only keep your site secure, but will also make the measurement of conversion rates more accurate, improve the customer experience, keep customer data safe, and reduce infrastructure costs. Given this interdependence between security and the rest of the organization, security budgets should be aligned with business goals to ensure success.
3) Educate the C-suite on the risk of cyberattacks
CISOs need to ensure that the rest of the C-suite is aware of the risks that an incomplete or ineffective solution poses to your organization and your customers. Your customers need to feel that they can trust the online channels they are interacting with, as those channels are now the primary way of working with your company. Combine that with opportunistic bad actors and you have a potentially disastrous situation. A successful attack would have long-term impacts on your brand, stock value, and revenue.
4) Focus on time to value
Given the need to get things done fast with less budget and a lean staff, opt for the solution that not only addresses a core challenge, but is also easy and fast to implement. Your team does not have time for months-long deployments and complex, time-consuming configuration efforts. Any solution you implement in 2020 should have a time to value measured in minutes, not days, weeks, or months.
5) Strongly consider a SaaS solution
Your team needs to be able to spend time on protecting your critical assets, not on maintaining security solutions. Look for a SaaS solution with low maintenance and long-term efficacy to help keep your costs down and your team focused on its mission.
6) Evaluate the team behind the solution
When searching for your solution, make sure that the team behind it is agile and readily available. Your solution provider should be able to support you 24/7 as issues arise. When it comes to security, you need answers in minutes, not days.
Security vendors have work to do, too
As their customers and prospects pivot to get more done with the same or less budget, security vendors need to do their part. In 2020 and beyond, security vendors should focus on making their solutions tick the right boxes:
- Offer time-to-value almost immediately
  - Solutions should be able to be rapidly deployed
- Provide long-term efficacy
  - Solutions should be able to defend against increasing sophistication as attackers retool to work their way around existing defenses
- Remove customer friction
  - Security solutions should be invisible to your customers
- Improve business visibility
  - Solutions that completely remove synthetic traffic and provide dashboards of human traffic for accurate reporting
Copyright 2020, Kasada, Inc. All rights reserved.
(1) COVID-19 crisis shifts cybersecurity priorities and budgets, McKinsey & Company, July 21, 2020