TechRepublic talks to Carlos Morales of Neustar Security Services about how businesses can best spend their money on cybersecurity, even when budgets are tight.
Depending on who you ask, IT spending weathervanes seem to be spinning toward a 2023 “up”, but the wind is blowing in the opposite direction with large tech layoffs. What impact could this have on cybersecurity?
Last week, Gartner predicted that global IT spending will reach $4.5 trillion in 2023, up 2.4% from 2022. The company acknowledged that negative pressure from inflation had actually lowered its forecasted growth from Gartner’s original forecast of 5.1%, but said for enterprise IT overall. Spending is expected to remain strong.
Reference: IT Budgeting: Cheat Sheet (TechRepublic)
This is in line with a survey of more than 700 C-suite executives released last month by ESG Research, with more than half saying cybersecurity will drive increased IT spending this year. For them, cybersecurity is the most common justification that guides management to approve and fund new IT projects. And about 83% of senior IT decision makers say they are more prepared to respond to ransomware attacks than they were 12 months ago.
Consistent with ESG’s survey, a new study by the Neustar International Security Council found that few organizations believe they are meeting their security challenges, and say they have sufficient budgets to meet their security needs. was only half.
Carlos Morales, Senior Vice President of Solutions for Neustar Security Services, answers questions about how organizations should think about allocating their IT budgets and how to enhance their cybersecurity needs. The following conversation has been edited for clarity.
Q&A with Carlos Morales of Neustar Security Services
Given the potential for cost savings, how can organizations accelerate and prepare for security initiatives?
First, organizations need to think very carefully about how they manage their spending cuts. For example, he wants to reduce operating expenses by 10%. Applying it unilaterally to all departments and functions seems like a fair approach. From a leadership perspective, interrupting certain groups without interrupting others makes it difficult to manage effectively.
Why is this not a good approach?
Democratizing curtailment can make it easier to manage across an organization, but this approach does not take into account all the risks associated with curtailment. Cybersecurity is just one area that poses risks, but it is such a large area that a decision to reduce security budgets may result in a lack of a solid understanding of the risks associated with cybersecurity in the budget planning process. It means that there is
See also: What CISOs Can Do to Play Their Role Most Effectively (TechRepublic)
Specifically, how should CISOs deal with having to do more with less?
Every organization is different, but when asked to do more with less, many CISOs respond by assessing risk at the top level. A complete inventory of all potentially risky assets is not an ideal long-term strategy.
Are they using third-party providers who can at least enable organizations to offload their cyber defenses, if not turnkey solutions?
Yes, they are increasingly turning to managed security providers that offer cloud-based security services that include a combination of technology, cloud deployment, operations, software lifecycle management, security, and support. MSPs can inject the right capabilities when needed, provide expertise to augment the resources available to the business, and flexibly scale to meet growth and budgetary needs, while helping the company better spend money. We can provide a flexible OpEx model to help you manage.
What are some of the ways these services are an attractive option?
It removes much of the responsibility of purchasing, deploying, and managing technology, maintaining the infrastructure needed to run it, hiring the right people, and adapting to the ever-changing threat landscape. A growing number of security providers are offering a platform that integrates multiple services to address the capabilities, scale and adaptability of their solutions. This allows companies to consolidate vendors, thus providing further opportunities for cost savings. A strong platform vendor has a set of services that are complementary, tightly integrated, adhere to industry best practices, and have the expertise necessary to deliver all parts of the solution.
Importance of cyber security
In 2023, not only will attacks of all kinds be prevalent, but advanced threats are likely to emerge, so to improve employability and develop skills to meet organizational cybersecurity requirements, , you might be looking to get some security arrows in your quiver. If so, check out this Ethical Hacking Bundle that covers everything from Python 3 to NMAP.