Before the pandemic, companies tended to assume that their services and systems were secure. Now that telecommuting has become a viable way for employees to work, each organization has less physical oversight of the devices and tools its workers use.
The COVID-19 crisis brought many cybersecurity risks into the spotlight, risks that were already there but have increased over time. Businesses are increasingly reliant on digital services and cloud-based systems. With the technological transformation inevitably brought about by the pandemic, companies had to adapt abruptly.
As the technology landscape expands in the work environment, workers also rely on their own devices, adding additional vectors of exploitation. Externally, customers and partners want easier, faster and more modern ways to work with your company, opening up your brand and business to more potential risks. Security teams are therefore being asked to protect a broader landscape with fewer resources, but to do so more quickly and effectively. Clearly, using the same old methods, processes and tools is not going to keep pace with this ever-increasing need.
Attack surface increases, resources decrease
But security teams now also face shrinking budgets, equipment rationalization and reduced resources due to teleworking. Because of the crisis caused by the coronavirus, companies have had to make cutbacks or adapt to telecommuting by lowering office maintenance costs. And while experts suggest ways to deal with those cuts, doing more with less will be the new normal for the foreseeable future.
Security teams now face two choices: maintain the status quo while struggling to keep pace with threats or fundamentally change the way they think about security to increase speed, agility and impact.
A key transformation area for security teams is the consolidation of both applications and vendors. However, simply reducing applications and services based on cost is not the best solution. There is a logical way to evaluate security and start taking steps to balance your security needs against the benefit of each application.
Optimize the security protocol
First, you may be paying for some tools that provide little value or are underutilized, both in security and across the organization. Consolidating across your enterprise reduces the threat surface and saves money. McKinsey states that “you can save up to 30% of IT spending” by, among other things, “decommissioning underutilized applications.”
The same concept can also be applied to security tools. It has been reported that medium-sized companies use up to 60 security tools, while large companies may have more than 100 security tools deployed. Surely there is a lot of overlap between so many tools intended just for security, but it is also likely that there are some gaps that those tools are not able to fill. Each point solution adds cost, but it also consumes security resources to manage it, make sense of the data, and cross-check those results against dozens of other potentially disconnected tools.
Efficiencies can be increased while reducing both costs and solutions by working with preferred vendors to extend their services and solutions within your security appliance. Better yet, multiple existing solutions can be replaced with a single, more modern, more impactful solution.
Achieving greater value with fewer suppliers
Consolidation can save money, reduce complexity and open up new areas of benefit and efficiency. It’s a trend that many security teams are taking advantage of as they experience the double whammy of budget pressure and increasing threat surfaces.
But reducing the number of point solutions is not a solution in itself. Those systems were deemed necessary by your team at some point, so while eliminating them removes a resource and budget burden, it opens up the possibility that some things will slip through the cracks.
A holistic approach to security focuses on reducing overall risk, so try to close gaps while consolidating tools and vendors. Each tool and its benefits must align with significant risk in the security framework. In addition, each tool must reduce overall risk, show a measurable reduction in risk, and be able to maintain that risk reduction.
The bug bounty programs offered by EpicBounties can help you evaluate how your other solutions and services are helping your security. You may find that you can eliminate other tools and vendors and, at the same time, gain more information that helps you save time and money.
For example, COVID-19 added more stress to security teams as criminals saw an opportunity to profit from the resulting chaos. Large companies such as Starbucks and Verizon Media relied on bug bounty programs to help fill gaps in their services caused by downsizing.
Identifying and assigning return on investment to the multitude of cybersecurity tools in your ecosystem, while understanding your attack surface, is an enlightening exercise, especially since new security breaches are likely to expand during any digital transformation. But it requires more effort from your already overburdened security team. Hacker-driven security solutions can help identify breaches and consolidate point solution tools into a single platform for ease of management and to measure ROI.