5 tips for cutting budgets in a crisis without hurting security
Information security has long had the reputation of being understaffed and underfinanced, and that was before COVID-19. Under the current economic downturn, pressures have become even greater, with research company Pulse reporting on June 4th that 23% of security budgets are currently frozen and that 49% have been reduced.
So when the CEO asks you to cut that already under-resourced budget, where should a CISO start? More specifically, is there a way to make these cuts that can keep them from becoming permanent once the economic downturn is over? CSO connected with consultants, vendors and CISOs for their top tips:
1. Identify overlaps in tech
In the golden triangle of people, process and technology, start by looking at tech — namely, the software the company already has. Leo Taddeo, former FBI special agent in charge of the New York office’s cyber division, says, “Look for areas where innovation has created efficiencies.” Since many tech vendors are constantly adding new features, there may be overlaps now that didn’t exist yet at onboarding. Take your current endpoint protection suite for example; Taddeo says it may also provide significant antivirus protection, adding “If a CSO is incurring costs for both, then this is an area for cost savings.”
Work with other departments to see what technology they use. Identifying shadow IT has always been a struggle, so start with known systems, especially ones that are more widely used. Taddeo says, “There may also be capabilities in an existing platform, like Windows 10, that allow a CISO to mitigate risks by simply switching on a security feature.”