Eight Steps in Managing Cyber Risk Through a Downturn

I predict that for cybersecurity leaders, 2023 will not be an easy year. On the one hand, organizations are facing an increased risk of cyberattacks, ransomware attacks and data breaches; while on the other, financial constraints and macroeconomic headwinds are causing organizations to scale back on an already insufficient and underinvested cybersecurity infrastructure.

Economic downturns create a fertile ground for cybercriminals. Sudden and unexplained downsizing may turn employees rogue, increasing the risk of insider threats and data breaches.

To manage this adversity gracefully and bounce back from this period of elevated risk and uncertainty, cybersecurity leaders must get creative, do more with less and manage risk more effectively. Let’s look at eight steps organizations can take to improve security controls and boost cybersecurity resilience.

1. Adopt a risk-based approach.

Conduct a comprehensive risk assessment to identify the most critical cybersecurity risks. Evaluate vulnerabilities, potential attack vectors and potential impact on the business. Assess whether your organization has defenses and mitigations in place to counter those risks.

2. Prioritize essential security measures.

Once top threats and risks are identified, allocate appropriate resources to implement, maintain and bolster security defences. Ensure these measures are aligned with the latest security standards, processes and technologies. With generative AI and machine learning technologies maturing, it might be a good idea to harness these large language models for building novel threat prevention approaches and overcoming security resource constraints.

3. Expand and consolidate where necessary.

While it's important to expand your security portfolio and controls to deploy adequate countermeasures, studies show that security leaders are increasingly gravitating to larger, consolidated services that can provide multiple security models and platforms in a single cloud offering.

This is because technology consolidation can provide cost savings and improve end-to-end visibility of security threats in comparison to disparate point solutions. To be more specific, consider the inroads made by advanced enterprise-class models known as secure access service edge (SASE).

4. Focus on employee awareness and training.

Human error is the primary cause (download required) of data breaches. With hybrid work arrangements taking root and seemingly becoming standard, it is important for security teams to educate workers about inherent risks to the organization and how employee behaviour can make or break the cybersecurity posture of the organization. Regular training sessions and simulated phishing exercises and testing can empower employees to identify, mitigate and report potential fraud.

5. Monitor the threat landscape.

While organizations may share some commonalities, every business is unique. Risks are multiple and varied. It’s the nature of threats to evolve continuously. Any historical snapshot of the threat landscape quickly becomes out of date.

Therefore, to develop a better understanding of the threat landscape, organizations must continuously monitor the various attack surfaces. Some organizations operate across multiple global entity online systems, so it's important to understand risks from the context of geopolitical instability and the increased exposure to nation-state adversaries.

6. Collaborate and share information.

Cybercriminals are known to collaborate and share tactics. Security teams can do something similar by establishing partnerships with industry peers, government agencies and cybersecurity forums to exchange threat intelligence and best practices. Such collaborative efforts can help identify emerging threats and develop timely and effective countermeasures.

7. Build transparency in the supply chain.

While it’s critical to have visibility and control over threats in an internal environment, it’s foolish to leave third-party partners out of the equation. Cyberattacks on the software supply chain alone have grown by 742% in the past three years.

Partners that have access to sensitive assets, processes and data can be identified and made fully aware of the organization’s risk appetite. At the minimum, I believe you should comply with the organization's security norms and expectations and implement adequate threat detection, prevention, monitoring and reporting capabilities.

8. Be ready for any crisis.

In cybersecurity, it's almost impossible to have all your bases covered. Given budget limitations and skills shortages, security teams are at their leanest. The business worries more about growth than about security. With the chances of a cyberattack or breach just around the corner, having a well-practiced incident response plan in place can help determine the roles, responsibilities, actions and escalation processes in the event of a cyber incident.

Cybersecurity risks are the new norm, and economic crises frequently impact organizations' planning toward cybersecurity, creating conditions that heighten the probability of cyberattacks and data breaches.

To achieve long-term sustainability and resilience, I believe organizations can prioritize cybersecurity measures and promote collaboration across stakeholders to establish a unified and comprehensive defence. By implementing sound cybersecurity practices, organizations increase their capacity to weather uncertain economic conditions and build more resilient infrastructures in the enduring future.

As a security leader, how are you ensuring resilience in the face of uncertainty ?

Build confidence in your cyber resilience with the ISF's NCSC resource guide: