Recession Planning for Start-Ups: Cybersecurity Hardening

Max Zhou
May 22, 2023 (3 min read)


Introduction

With increased inflation and federal interest rate spikes, a self-fulfilling prophecy of recession seems to be underway. Although a recession typically carries a negative connotation, successful organizations know that it is an opportunity to come out stronger by the end of it. Regardless of current economic conditions, you should have plans for any circumstance.

During a recession, organizations are presented with a rare opportunity to harden existing products and services. When times are good, there’s more pressure on companies to get things done as quickly as possible, regardless of whether they’re doing them right or not. It’s a different story during recessions: there’s no pressure from customers who can’t afford your service or product, so you can take more time making sure everything is implemented properly before moving on to the next task.

The closest you’ll ever get to landing the plane to make repairs is now.

Why spend money on cybersecurity during a recession?

The answer is simple: cybersecurity is a growing concern, and it’s an area where companies can differentiate their products or services. There has been much speculation about how the world economy will play out from here on out, but one thing seems clear: businesses are going to continue competing for customers.

As your business expands, it’s only natural your attack surface does as well, as day-to-day operations carry inherent cyber risk. Investing in systemic changes that reduce the risk introduced to your organization will provide you with the infrastructure you need to scale multiple times over. It’s an investment in your company’s future.

When businesses rapidly accelerate growth in positive economic conditions to match their competition, cybersecurity is often an afterthought or a “nice-to-have”. It then becomes a bottleneck when you pursue partnerships with organizations that have a low risk tolerance, stifling growth potential.

You should always assume a breach is imminent; therefore, reducing its impact and likelihood should be the goal.

Where to start?

Focus internal resources to mature the basics:

  • System Patch Management — If you’re already doing it manually, establish the required infrastructure to automate this. Patching lets you fix security vulnerabilities in your applications or infrastructure and helps prevent attackers from successfully exploiting them, which also improves reliability.
  • Software Dependency Upgrades — This should be automatically done after every major release of a software package has been deployed successfully on staging servers (you know what I mean!). Reduce busy work and provide improved peace of mind.
  • If you’re a modern organization that relies on out-of-date software for core functionality, this is an opportunity to make scalable architectural changes.
  • Threat Modeling: As new initiatives have reduced pressure to release, establish a habit of doing it right the first time. Perform collaborative threat modeling with security and product teams. Educate and learn from each other. As an output, you should have easy-to-understand prioritized security controls. Assign accountability through your SDLC process.
  • Establish automated security control testing: Set yourself up for future success. Treat each security control as you would a software feature. Develop a full suite of unit, regression, integration, and end-to-end tests that include your security controls. Although it seems like more work, this reduces the risk of these controls becoming ineffective as you grow, saving you time and effort in the long run.
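One way to treat a security control as a software feature with its own test suite, shown as an added example that is not code from the original article. The roles, actions, allow-list and function names are all hypothetical; the checks fail when a role or action is added without a reviewed decision, when the control drifts from that decision, or when an unknown input is allowed by default.

```python
# Added example: a deny-by-default authorization control plus the automated
# checks that keep it effective as the product grows. All values are constructed.
from itertools import product

ROLES = ("anonymous", "member", "admin")
ACTIONS = ("read_invoice", "edit_invoice", "delete_user")

# The control's configuration: an explicit allow-list.
ALLOW = frozenset({
    ("member", "read_invoice"), ("admin", "read_invoice"),
    ("admin", "edit_invoice"), ("admin", "delete_user"),
})

def is_allowed(role, action, allow=ALLOW):
    """Security control under test: deny unless the pair is explicitly allowed."""
    return (role, action) in allow

# Reviewed decision for every role/action pair (the threat-modeling output).
EXPECTED = {
    ("anonymous", "read_invoice"): False, ("anonymous", "edit_invoice"): False,
    ("anonymous", "delete_user"): False, ("member", "read_invoice"): True,
    ("member", "edit_invoice"): False, ("member", "delete_user"): False,
    ("admin", "read_invoice"): True, ("admin", "edit_invoice"): True,
    ("admin", "delete_user"): True,
}

def missing_decisions(roles=ROLES, actions=ACTIONS):
    """Pairs with no reviewed decision: a new role or action fails the build."""
    return sorted(set(product(roles, actions)) - set(EXPECTED))

def mismatches(allow=ALLOW):
    """Pairs where the control's behaviour drifted from the reviewed decision."""
    return sorted(p for p, want in EXPECTED.items() if is_allowed(*p, allow=allow) != want)

def default_allow_leaks(allow=ALLOW):
    """Unknown or oddly cased inputs must be denied, never allowed by default."""
    probes = [("root", "read_invoice"), ("admin", "drop_table"),
              ("Admin", "read_invoice"), ("", "")]
    return [p for p in probes if is_allowed(*p, allow=allow)]

def run_security_control_tests():
    return {"missing_decisions": missing_decisions(),
            "mismatches": mismatches(), "default_allow": default_allow_leaks()}

if __name__ == "__main__":
    results = run_security_control_tests()
    for name, failures in results.items():
        print(f"{name}: {'FAIL ' + str(failures) if failures else 'ok'}")
    raise SystemExit(1 if any(results.values()) else 0)
```

Run in CI, the non-zero exit code blocks a release in which the control no longer matches its reviewed decisions.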

Conclusion

Investing in cybersecurity has never been more important. The recession has brought with it many opportunities for businesses to take stock of where they are and where they want to go. Doing so successfully will provide your organization the platform it needs to skyrocket once economic conditions inevitably improve.

Originally published at https://www.linkedin.com.


Written by Max Zhou

Information Security Professional. Product Security through continuous improvement and hands-on technical expertise
