Cybersecurity: Recession-proof?
Although the macroeconomic outlook for 2023 looks rather bleak, the cybersecurity industry has usually stood strong and resilient in spite of periods of uncertainty, and much of the same is expected into the next year as well
Recessions are the playground for cybercriminals. Back during the Great Financial Crisis of 2007-08, the FBI noted a 22% rise in online crime reports between 2008 and 2009. Regulatory Data Corp Inc., a part of credit rating firm Moody’s, saw a 40% rise in cybercrime in the two years following the 2009 peak of the recession. Research from McKinsey and Co. has found that between 2007 and 2009, the revenue growth of cybersecurity firms was up to two times that of other software companies.
As an increasing number of businesses are bracing themselves for the vagaries of a recession in the coming year, C-suite professionals and security leaders in firms worldwide are now preparing for much of the same in terms of cybercrime – but the pressure is on to do more with less, and to boost their cyber resilience to reduce the potential for disruption. As tech news conglomerate VentureBeat eloquently puts it, “the writing on the wall is that cybercriminals will never let a good crisis go to waste.”
A worsening skilled-talent shortage
The cyber skills gap in most firms is set to get much worse as economic uncertainties cause organisations to pause on hiring new talent and even cut existing jobs.
The inevitability of a looming recession will cause a substantial reduction in spending on training programmes – thereby affecting both the quality and quantity of employed personnel – despite the general idea of cybersecurity being a recession-proof industry. Firms that cut coats and do not take on new security hires are not only likely to exacerbate their cybersecurity skills gap, but are also likely to rely more heavily on monitoring and analytics-based solutions to prevent security incidents. According to John Pescatore, director of emerging security trends at US-based cybersecurity training firm SANS Institute:
“Usually, the first impact [of a recession] is that new hiring gets postponed. Operations staff productivity can often be increased by the use of security monitoring and analytics tools, many of which are open-source and don’t require acquisition spending.” These solutions do, however, ‘require analyst skills’, meaning that organisations will need to invest in staff who have said expertise to configure and use these tools to their full potential. “Investing now in those skills will have many benefits later, including reduced analyst turnover,” he opines.
Upskilling may be a major aspect to consider in this regard, as organisations look to hire internally from their existing IT staff who already have an existing hands-on knowledge and expertise in how the firm works. Transferring them to security roles can give firms the flexibility needed to use said abilities and eliminate the need to cut workers.
The role of automation and AI
Automation processes can help employees throughout the organisation in increasing the productivity of the existing staff. This holds especially true for aspects such as cybersecurity, as the lesser time that employees and security professionals spend on repetitive automatable tasks, the more they can do in providing value in other business areas. VentureBeat cites Digicertresearch in this regard:
“One potential use case for automation is digital certificate management. Research shows that the average enterprise manages more than 50,000 certificates. If one of these certificates expires, it can not only contribute to service disruptions, but provide threat actors with an opportunity to breach critical systems.
“By leveraging automation, security teams can automatically manage certificates’ lifecycle and deployment. This offers many benefits, including decreasing the risk of operational disruption and data breaches, while freeing up analysts to focus on more high-value tasks like threat hunting.”
With average data breach costs rising to over $4 million per breach in 2022, it is now more important than ever to ensure that enough attention is paid to prevention. Using AI and ML to find and intercept risky actions and unusual behaviour throughout the environment is essential in identifying malicious entities before they can gain foothold and access to critical data assets.
Though AI and deep learning solutions have revolutionised prevention capabilities and given security teams the ability to prevent novel attack types, Gartner opines that firms investing in AI should remain sceptical around the hype. Generally, some of the key aspects where AI turns out to be rather beneficial in terms of prevention include the identification of attacks, the reduction of false positives and streamlining an organisations’ detection and response functions.
Although the financial and macroeconomic outlook for 2023 looks rather bleak, the cybersecurity industry has usually stood strong and resilient in spite of periods of uncertainty, and much of the same is expected into the next year as well.
Know more about the syllabus and placement record of our Top Ranked Data Science Course in Kolkata, Data Science course in Bangalore, Data Science course in Hyderabad, and Data Science course in Chennai.
