The phrase “time is money”, originally attributed to Benjamin Franklin, reprimands the slothful for wasting their working hours. As one of the founding fathers of the United States, Benjamin Franklin clearly never worked a day in Cyber Security. This is an area where fresh blood is hard to find in an ever-expanding digital world of proactive threat actors and potential breaches.

It is understood that departments are busy, resources are stretched more than they ever were, and very few businesses are cash-rich right now. Whilst there is pressure on every business unit to limit resources, the cybersecurity team, in particular, must be aware of achieving success without compromising the security of the organisation.

Our six steps for an organisation to reduce how much they invest and save on Cyber Security solutions, whilst maintaining a proactive and risk-based approach to securing your organisation are presented below:

1. A solid monitoring solution - Taking a “risk-based” approach to cybersecurity is an obvious first step. As opposed to being reactive, digital security departments have to assume that cybercrime is inevitable. This is a methodology backed up by current statistics where, at the time of writing, attacks are rising at more than 6% a month. Recent events are a call to action for company leaders to take risk management seriously and for them to invest up-front in security teams to prevent exponentially increased expense and potential disaster later.

Treating security like a game of “whack-a-mole” is expensive and time-consuming. Departmental knowledge may be focused on reactive rather than pre-emptive cybersecurity. Knowledge is power and creating a posture of risk reduction through awareness means fewer surprises and less responding to trends, headlines, and blind emergencies – which all cost precious resources and unpredicted costs.

2. Ensure reductions in false positives - Security teams engaged in monitoring can’t be expected to react to every potential threat, as there could be tens of thousands or more of these a day. They need to react to what is real, immediate, and important, to optimise human assets and to prevent fatigue in your security team.

A system that delivers relevant data, with fewer false positives, is important for saving time and resources. The output is that security teams are reacting with clear guidelines as to what’s important, and clear advice on how to react accordingly, not what could be and might be. This leaves critical capacity for our cybersecurity practitioners to work on the myriad of other things that daily require their attention.

3. Only pay for the tools you use - When did you last conduct a review of the tools you use? Reviewing what you require to operate and unifying these tools into one easy to navigate dashboard provides financial savings and a reduction in maintenance, training, scheduling, and manpower.

4. Reduce your company threat landscape - By putting less risk in the hands of your colleagues, you naturally limit the threat surface. If they can’t visit unsecured websites, then that danger is removed from the equation. Effective global privacy settings across the enterprise can drastically reduce the chances of your staff picking up malware or viruses.

A Zero Trust Policy granting only those who need it access to specific websites and functionality, can mitigate a lot of potential problems. Implementing a good spam email blocker to weed out emails containing links to malicious websites that might steal credentials or install malicious code is an excellent preventative strategy that, for a small investment, can save wasted time and expenditure in the future.

5. Cybersecurity automation - The bulk of cybersecurity operations traditionally require human intervention. Threat Monitoring solutions can detect, investigate and classify incidents (with or without human intervention) by identifying potential issues, assign priorities and alert stakeholders (allowing first responders to action them in a timely fashion). Other areas for possible cybersecurity automation might include the detection of threats already existing within your network, extraction and collection of data for reporting, automatic software updates and sensitive data (cardholder data and PII) to name a few. It is imperative that your team also maintains a monitoring watch upon the security investments purchased.

How many staff do you have tied up in compliance reporting? How many hours do you spend on security audits a year? What’s the average number of hours a year you spend juggling database logs? This is all easily streamlined, as are many other tasks, with the right cybersecurity automation systems. Automation affords fewer errors, optimizes decision-making, and is both efficient and cost-effective. It can also work to fill the current industry talent shortage gap within many Cyber Security teams and is inherently 24/7/365.

6. Educate your staff - Human error is one of the most significant cybersecurity vulnerabilities. Usually through inadvertent mistakes, humans are the biggest threat to the cyber health of any business. Reducing the chance of human error when handling organizational data makes it inherently more secure.

Making your colleagues aware of the practice of phishing scams and good IT security practices, through basic internal training in conjunction with your HR department, can save time and resources later. Half a day of creating a video voice-over to go over a few easy-to-understand slides, showcasing the importance of cybersecurity and your company policy, is priceless compared to the cost of a ransomware breach.

Conclusion

Simple savings in both manpower and budget can make a big difference to your efficiency and security posture. Automation, education, and consolidation can make a big difference in ongoing (and surprise) financial and resources outlay. A small investment now can, and will, reap savings further down the line – plus provide a more secure security posture whilst filling potential skill gaps.

Efficiency is the way to save time AND money, thus saving resources.

Put that in your pipe and smoke it, Ben Franklin.