The impact of COVID-19 on Your Cybersecurity Budget
In response to the pandemic, plenty of organizations had to re-invent themselves or significantly change the way they do business. Many business-as-usual (BAU) operations such as direct customer care, dealing with suppliers and collocated teams arejust not possible during the times of COVID-19. However, the need for information and increased productivity is, as always, on demand. Therefore,organizations had to embrace change and innovate.
According to McKinsey, airlinesrevenue dropped by 40%this year; people just would not share the same air with 200 strangerswhile flying at 10000 feet. Salesforce, Cisco Systems and PayPal cutstaff even after their executives voted not to do so. Some others sent people to work from home, despite the challenges and risks that this represents. Risk is a necessary evil in times of change. Planning, mitigating and acting against these cyber risks is part of the cost of COVID-19.
Understanding the cost of security measures is important for decision making. For example, employees working from home and connecting thru an insecure network representa vulnerability that can result in disclosure, theft,or damage of valuable information. Deployment of Virtual Private Networks (VPNs) an Intrusion Detection Systems (IDSs) can significantly reduce such risks.Any intrusionactivity or violation is reported to the Cybersecurity team or logged in an Event Management System for future analysis. The cost associated with security measures in times of pandemic has two components: The Projecteffort to deploy a security device or softwaresuch as a Firewall or IDS and the Ongoingeffort to analyze network traffic for malicious activity.
The global tendency to work-from-home (WFH) over the past year has increased the threat landscape, leaving organizations with arecurring task to protect staff and information. Cybercrime is expected to becomethe 3rdlargest economy in the worldby 2025, only after US and China. Organizations must carefully plan and budget for cybersecurity measures like:
Threat Analysis: Your Cybersecurity budget must be based on the threats that you face and their economic impact. This Threat Analysis will also help to justify your next year’s cybersecurity budget.
Ongoing Threat Monitoring: a group of cybersecurity experts analyzing network traffic and reports from firewalls, IDSs and other security devices within your organization
Training: In thesetimes of pandemic, people are certainly the most vulnerable channel. Training is required to ensure that people working from home understandhow to protect themselves and the company assets.
Incident Resolution: Plan for how many incidents you expect to receive per month and how much this will cost
Hardware Upgrades: Older laptops and servers withoutdated operating systems and antivirus software may work well behind your firewall, but they will certainly fall short when exposed to a public network
Insurance: Cybercrime is increasing so you can expect your cybersecurity insurance premiums to do exactly the same. Make sure to capture year-over-year growth in the cost of insurance
Security as a Service (SECaaS): If you think all the above is too much and your organization does not have the bandwidth or knowledge to deal with it, consider transferring the responsibility (and risk)to an outside company.Go Back