Cutting down security budgets now can have a significant impact
According to a PwC survey, executives are looking at ways to manage the business impact of the COVID-19 epidemic. This includes cutting expenses and deferring or canceling planned investments. Of those planned initiatives, approximately 5 percent are spending cuts on cybersecurity and privacy.
While cybersecurity might seem to be a possible area to reduce spending, a study by Barracuda Networks has found that “nearly half (46 percent) of the global businesses have encountered at least one cybersecurity scare since shifting to a remote working model.”
Reducing cybersecurity spending brings risks that go well beyond the immediate security exposure; they extend to profitability, growth, and brand image. Infosecurity cites some interesting risk statistics from its survey to highlight how these budget cuts can impact your business:
- Of the 1,000 business decision-makers surveyed, around 51 percent agreed that their employees aren’t proficient or well-trained for cyberthreats that are associated with remote work.
- This survey also revealed that a majority of these businesses (46 percent) aren’t sure whether their web apps are secure or not. In fact, almost 50 percent are allowing their employees to use personal devices and email addresses for work at home.
- These stats are alarming since 56 percent of those surveyed plan to continue remote work even when the pandemic crisis is over. Almost 53 percent have plans to migrate completely to a cloud model.
With this many organizations shifting toward a remote work model, it’s critical to get security right for applications and shared networks.
Beyond general cybersecurity, when it comes to applications, the risks can be significant. The Aite Group conducted a study to analyze financial institutions’ mobile consumer apps. What they discovered was a systemic problem of security vulnerabilities in applications that exposed source code, backend systems, personal information, and account credentials.
Why security should be built-in from the beginning
Secure coding should be the bread-and-butter for all applications. Organizations should build security in applications from the beginning to minimize vulnerabilities.
Yet some organizations have cut back on developer training or tools that assist developers in building secure code. Leaving secure coding to each individual developer carries the risk that parts of the code will not be built right, because developers are not security experts. As per Aite Group’s research, many of the mobile applications studied could be reverse-engineered, making it easier for cybercriminals to access sensitive information inside the source code. Essentially, it left the code open to misuse that could lead to identity fraud, credit application fraud, or identity theft.
The research provided some interesting but disturbing insights about the mobile apps of 30 financial institutions:
- Due to a lack of binary code protection in 97 percent of these apps, it was possible to analyze or tamper with the source code through reverse engineering.
- The majority of the financial services apps (90 percent) shared services with other applications on a device, which allowed data access between these apps.
- Data from these apps is usually stored in other locations as well, such as the mobile device’s local file, where the app has no control to protect this information. Almost 83 percent of the apps store data insecurely.
- Weak encryption algorithms or an incorrect implementation of a cipher were common, found in 80 percent of the apps in the study. This allows cybercriminals to decrypt data easily for manipulation.
How can organizations manage cybersecurity budgets?
As organizations continue to build mobile applications, the risk grows larger and larger. In fact, Verizon conducted a survey that found approximately one in three organizations had experienced a data breach related to a mobile device, and two-thirds of executives are not confident of their mobile security.
The impact of a breach on an organization can be significant, making the net effect of any cybersecurity “expense cutting” extremely costly to the business. As per Barracuda Networks’ CTO, Fleming Shi, “Naturally, opportunistic hackers are on the lookout to target vulnerable organizations, which may have weak security infrastructure in place during this difficult time.”
“As many businesses enter their third month of remote working, it’s time they refocus efforts on tackling this growing cyberthreat. At this crucial time, one successful data breach could be the final straw for many businesses that are already facing an uphill battle against COVID-19. In the current threat-scape, it’s no longer a matter of if a company’s security will be tested by cybercriminals, it’s a matter of when,” Shi noted.
This leads organizations to contemplate how to manage their cybersecurity expenditure. It’s important to drive shareholder value and focus on your market share, but you need to think of cybersecurity as an enabler of your overall growth.
As businesses continue to thrive on new innovations and digital transformation initiatives, it becomes imperative to secure your digital assets and networks as much as possible. And if you’re thinking about your budget, implementing the right security solution can not only save costs significantly but also ensure product security and speed to market. To start with, you can design products with security in mind rather than relying on patchwork to fix weaknesses.