Global inflation can have, and is having, a significant impact on cybersecurity. As prices rise, organizations may be tempted to cut back on cybersecurity spending, making them more vulnerable to cyberattacks.
Additionally, inflation can make it more difficult for organizations to keep up with the latest cybersecurity threats. The cost of security tools and services is rising, and organizations may not have the budget to keep up. And let's not forget the impact on finding and retaining talent, or the layoffs that push the remaining people to the limit.
According to Forbes, the U.K.’s Office for National Statistics (ONS) placed the measure of inflation by the Consumer Prices Index (CPI) at 8.7% back in April. The figure is down from the 11.1% recorded in October 2022, yet it is still painfully elevated.
All of this makes it more difficult for organizations to protect themselves from new and emerging cyber threats.
Here are some specific ways in which global inflation can impact cybersecurity.
We asked a few practitioners for their take on rising inflation, how it is making the job of keeping their organizations secure more difficult, and what they are doing to try to combat these issues.
"I think it requires taking a step back and assessing what you can do with less," said Chris Roberts, CISO and Senior Director at Boom Supersonic. "Too many folks focus on the technology as opposed to the people or process. When budgets tighten and we're still responsible for moving the security forward, we should look to the policies, procedures, and controls and which ones can we shore up, what can we do to block/tackle those things we've been putting off, etc. Also, let's face it, tabletop exercises don't cost anything."
Andrew Smeaton, CISO at Afiniti, says reassessment of cybersecurity programs and plans is necessary.
"Economic effects, including inflationary pressures, have had a broad impact across the InfoSec landscape," Smeaton said. "While each CISO's decisions are situationally dependent, I have used this as an opportunity to revisit the way I approach not only the budget process as a CISO but also how I present that budget for buy-in by leadership. This is more critical now than it's ever been."
Smeaton is speaking at SecureWorld Seattle on November 8-9 on "Insider Threats: A Multi-Pronged Approach to Protecting Your Organization" at 2:30 p.m. on Day 2.
Domestic and global inflation can have a negative impact on cybersecurity. Organizations need to be aware of the risks and take steps to protect themselves, even if it means increasing their cybersecurity spending.
Here are some tips for organizations on how to protect themselves from the cybersecurity risks associated with inflation.
"Reduced spending on cybersecurity doesn't have to equate to the inability to implement a certain control," said Krista Arndt, CISO at United Musculoskeletal Partners. "Reduced spending challenges us as security leaders to let go of our preconceived notions of what we had planned to do to achieve our goals, and opens up opportunities for us to collaborate with our teams on unique alternative ways to get there. There is always more than one way to the same end goal. 6 + 3 = 9, but so does 5 + 4. This could even lead to improved team satisfaction through supportive learning, personal growth, and new opportunities to contribute, and may also force innovation in problem solving that can be leveraged across others facing the same obstacle."
Arndt continued: "Organizations need to rekindle more significant resource allocations toward security awareness and training efforts. Attackers are more easily able to circumvent email security controls of even the most mature organizations through well-crafted social engineering tactics, resulting in stolen account credentials and ultimately account takeovers.
Attackers are even using legitimate file-sharing solutions to host malware so it remains undetected. The human element of security is the most difficult to predict and control, and, therefore, should receive attention in kind."
Arndt is the lunch keynote presenter at SecureWorld Dallas on October 26, speaking on "Drag Racing & Cybersecurity: The Crossover," as she shares her story of surviving a drag racing accident and how it changed her perspective on life, family, and work—and how it ties into cybersecurity.
Kimberly "KJ" Haywood, Principal Advisor at Nomad Cyber Concepts and Adjunct Cybersecurity Professor at Collin College, had this to say:
"Inflation is hitting organizations harder than ever. Many are facing multifaceted challenges. As cyber threats surge, the expenses associated with cyber insurance rise, adding to the financial strain.
Instead of downsizing amidst heightened cybercrime risks, consider a more innovative approach. Harness your current workforce for internal training through engaging simulations. Additionally, optimize your technology stack by evaluating existing solutions and exploring opportunities to expand with new modules or vendor collaborations. This proactive strategy can fortify your defenses without compromising your team's strength."
Haywood is on the opening keynote panel at SecureWorld Dallas on October 26, addressing "Implications of ChatGPT and Other Similar AI Tools."
Reanna Schultz is a cybersecurity professional and frequent SecureWorld speaker whose day job is Team Leader of InfoSec at Garmin. These comments are her own and do not necessarily reflect those of her company. Here's what she had to say about inflation as it relates to team retention:
"In the current economy, achieving more with fewer resources is a common goal. However, job seekers often face challenges in interviews where job requirements appear overwhelming due to tight security budgets. To retain talent, it's essential to establish a clear vision, foster an innovative and inclusive culture, and invest in your team through mentorship and support. While these strategies may not solve every problem, they contribute to a positive work environment, boosting morale and motivation to overcome challenges."
Schultz offered these CISO tips regarding security awareness training:
"Security education is essential for building and maintaining human firewalls in the organization. To improve phishing awareness without overspending, begin by reviewing click percentages, aiming for growth if the rate is between 0-2%. To enhance the education program, assess the types of phishing attempts used, reducing complexity, and making them more relevant to users. Collaborate with the IT Service Desk and Security Operations Center for inspiration, analyze blocked threats, and stay updated with cyber trends to incorporate new phishing templates. Ultimately, nurturing the phishing program empowers users to recognize and report legitimate emails, reinforcing their role as the last line of defense against evolving threats."
On investment in tools, Schultz offered this advice:
"When evaluating business tools, it's crucial to ask:
Establishing guidance and standards before introducing a new security tool can facilitate the evaluation process and save time for everyone involved, including the vendors pitching their products."
~~~
Some additional related factoids around inflation: