Breaches are on the rise and cybersecurity remains a top priority for most organizations, but security executives still need to contend with Covid's continued toll on the economy. As budgets shrink, rethinking spend for 2021 has become an essential element for success.
Back to Basics
Solid configuration management and timely patching are the best safeguards money can buy. If funds are low, make it a year of process improvement and policy redesign, or invest time operationalizing open source tools and scripting for efficiency.
Focus on what matters most. Starts by eliminating overlapping products and making sure that new investments are directed at capabilities that are most lacking. The weakest link is the area with the least coverage, so don't think twice about another year with a tool that has fallen out of fashion but still gets the job done.
Make A Case
Justify spending by making sure it stays in line with Business needs and overall strategic directives. Be prepared with charters, plans, bids, and other documentation to show projects have been thoroughly thought through and to demonstrate their value proposition. Explain risks that will be mitigated, the impact of delay, and include alternative plans which may be less than ideal but can still achieve some of the goals.
Think Outside The Network
Remember that the biggest threats to cybersecurity and business continuity often exist outside the enterprise. Strengthen risk management practices that govern data as it exits the perimeter to cloud environments, hosted applications, and external partners.
Invest In People
Technology is only as good as the people behind it, so always choose people over products. Invest in the talented hires and do everything possible to retain them, even if that means allocating extra funds for training, extra perks, and team building activities.
Leave A Cushion
Whatever the operating budget, make sure emergency funds are reserved to contend with new risks and unforeseen circumstances. Cyber threats change quickly and leaders need flexibility throughout the year to address them without impacting planned initiatives.