Smarter Cybersecurity Spending in a Pandemic

    678

    Minimize Risk and Maximize Efficiency by Making Sensitive Data Disappear

    By Alex Pezold, founder and CEO of TokenEx

    While a mere four months into a new year, we have already crossed the one-year mark of living with the Covid-19 pandemic. Businesses are still reassessing budgets, re-evaluating strategies for social distancing and remote working, and grappling with continued economic uncertainty. But if the past year taught us anything, it is that cybersecurity must be a top investment priority for businesses.

    During this time, we have witnessed the number of data breaches, ransomware attacks, and fraud attempts skyrocket while the world sought to “right the ship” and determine how to secure sensitive data and transactions in the new normal. Despite finally beginning to see a light at the end of the pandemic tunnel, the security breach outbreak rages on.

    Cybersecurity investment has become a strategic imperative that must guide conversations in the boardroom. Maintaining an intensive focus on protecting sensitive data from cyber threats benefits the customers you serve, as well as the longevity of your company.

    The Economic Instability Shuffle

    As a business veteran, I have seen some bold business moves in my time. As a leader in the security space, I have also watched companies cut investments in cybersecurity the moment that markets indicate any economic instability. It can be difficult to justify the cost of investing in cyber initiatives to the board when those projects do not generate revenue, or when they are not a core competency for the company. When cash is tight, it is hard to see the upshot of cybersecurity investment if you cannot easily gauge the ROI for the spend. I am sympathetic to both situations.

    Holding onto cash and only spending on initiatives that increase or stabilize revenues, improve competitive advantage, or sustain core competencies seem like sound strategies. Unfortunately, this view does not consider the cybersecurity risk that has continued to increase throughout the pandemic.

    The Big Three: Risk, Liability and Compliance

    One thing I know for certain is that regardless of an economic downturn, a company’s risk, liability, and compliance obligations do not change. The value of data continues to increase exponentially, and as a digital business resource, companies are not getting rid of it. Therefore, if sensitive data remains, so too does the risk of it being stolen or otherwise exposed.

    Further, any liability associated with stored data does not change either. If a company is attacked, the costs of a data breach remain the same. These costs can devastate companies that are already struggling to survive. In some dire instances, it can be what ultimately causes them to cease operations.

    Finally, to a regulatory body, rules are rules. They make it crystal clear that for companies storing sensitive data, compliance must always be maintained, regardless of how the economy is behaving or world markets are performing. Therefore, the cost of compliance remains constant, and if there is no continual investment in compliance-related functions, falling out of compliance can be a realistic possibility.

    Don’t Underestimate the Value of Cybersecurity

    While I’ve identified that economic distress can cause companies to restrict spending or reduce costs, these cutbacks generally occur in three ways: reductions in workforce, functions, and technology. However, to execute a successful cybersecurity strategy, the fundamental elements required are people, processes, and technologies. A company runs the risk of cutting valuable resources in these areas if not accurately assessed, and the resulting challenges will leave an organization’s cybersecurity posture vulnerable.

    To prevent a breach, every single security control must function properly 100 percent of the time. Lapses in security systems, human error, or underperforming controls will inevitably leave openings for cybercriminals to exploit, resulting in a breach or exposure of sensitive data. That is why financial decisions should be governed by those who understand that sparing investments in cybersecurity could result in a data breach that is far more costly than maintaining an effective security posture through a comprehensive program. If you think good cybersecurity is expensive, you should try bad cybersecurity. Although reducing spending might save money now, it can end up costing more in the long run.

    Securing Board Level Buy-in

    When the board holds the purse strings, a good way to persuade them to allocate funds for securing data is to emphasize the risk of cost avoidance. Many of the points already covered in this article can help illustrate the urgency, in addition to recent data breach reports. If the board is unwilling to learn from previous beaches other businesses have suffered, they will only have themselves to blame should something happen at their company.

    To mitigate the long-term costs associated with breaches, we strongly recommend investing in technologies that minimize the risk of data theft. If the data is not in your environment, it is going to be impossible for hackers to gain access to it if your environment is breached. More importantly, treat sensitive data the way it deserves to be treated – as your most valuable business resource. I guarantee that companies that prioritize data protection are not only more secure but are also generating more value from their data.

    The recent pandemic is only the most recent event that’s weakened our economy. We know it is inevitable that future forces will cause it to fluctuate again. We also know that when companies don’t prioritize cybersecurity, breaches occur—as evidenced by the continual increase in security incidents year after year. To stymie the hackers, investments must be made that prioritize data protection.

    Businesses should look for partners that are dedicated to minimizing risk and liability and simplifying payment and privacy compliance from day-one. By doing so, they can protect the world’s most sensitive data from breach. After all, hackers cannot steal what’s not there.

    About Alex Pezold

    Alex Pezold founded TokenEx in 2010 with a vision to create the most secure, nonintrusive, and flexible data security solution in the market. Prior to founding TokenEx and while working as a qualified security assessor with the PCI SSC, Alex recognized the potential of cloud tokenization. This inspired him to use it as a scope- and risk-reducing technology to protect data in an increasingly privacy-focused world.