Cutting Business Expenses Shouldn't Include Cybersecurity

Security budgets are being impacted by the COVID-19 pandemic.

Edward Gately, Senior News Editor

April 17, 2020

9 Min Read
Cybersecurity Roundup, security roundup

The COVID-19 pandemic no doubt is increasing strain on organizations’ budgets, but cutting business expenses shouldn’t include cybersecurity.

A new PwC survey of more than 300 U.S. finance leaders reveals the financial measures top U.S. business leaders are evaluating to minimize and manage business impact, including cutting business expenses.

More than half are considering deferring or canceling planned investments. Of planned initiatives, 2% are considering cybersecurity and privacy budget cuts, while 53% are looking at reduced IT spend.

Twenty-five percent may scale back digital transformation initiatives. This is surprising given the number of businesses forced to expedite remote working connections and capabilities over the last month.

Security budgets are being impacted by both the COVID-19 pandemic and budget cuts in several ways, said Bob Layton, Digital Defense‘s CRO.


Digital Defense’s Bob Layton

“IT budgets are based upon a percentage of revenue and corporate forecasts are unclear right now,” he said. “The work from home (WFH) necessity is re-prioritizing IT budget dollars toward infrastructure purchases to just keep running. Evaluation of public and private clouds for simple connectivity and scale are hot discussion topics. “

The end-user experience of WFH is pushing security to the second or third priority, Layton said. Channel checks and surveying of Digital Defense’s top customers shows security is still a priority and spending is steady. However the immediate priority is responding to home workers.

Once the workforce gets productive in the present environment, security will rocket right back to the top. This is likely a mid-Q2 bounce to watch for, Layton said.


Keyfactor’s Jordan Rackie

Jordan Rackie, CEO of Keyfactor, said these unusual and unprecedented business circumstances have created a “new level of cyber risk for companies building a new level of connectivity.”

“Many companies had some level of remote working infrastructure, but many others didn’t,” he said. “The mass and fast move to remote working environments meant that IT teams had to pivot quickly to get employees online and minimize operational downtime. What started as a short-term project now looks like a longer-term reality. ”

Security already was a continuous battle for every business, Rackie said. Now that companies are shifting to long-term remote working infrastructure, security is priority one, he said.

“More connections mean more risk — it’s as simple as that,” he said. “The natural knee-jerk response to an economic stall like this is to pare back budgets across the board, but the reality is that one expired certificate, one compromised connected device can cost more in downtime, lost revenue and brand value than any potential savings can produce.”

This crisis has overwhelmed IT and security teams managing onsite to offsite work transitions and security, Rackie said. Outsourced tools cost less than trying to recruit, hire, train and ramp up more in-house staff, he said.

“The pressure on IT teams is only going to grow as organizations build out their long-term remote infrastructure with new systems, applications and devices,” he said. “The problem is all those additions to the company’s environment to help remote workers cope adds new connections that can be compromised. All connections need to be tracked, managed and monitored continually to mitigate risks. The best path at this point is to do an audit, assess those connection points, and the tools and solutions you’ve got in place to manage them, then determine the best path forward that’s secure and cost effective.”

Businesses and cybersecurity executives are using this period to accelerate digital transformation, not scale it back, Rackie said. The key is managing and securing the new applications, systems and devices supporting digitization, he said.

“By no means should any company consider reductions in endpoint security, and identity and access management — their risk perimeter has just widened almost overnight,” he said. “If an organization has no other option but to cut their security budget, they need to make sure that any cuts are precise and reasoned. Eliminating or reducing security spend could open a number of security holes and compromise other systems in place that keep the network and assets secure.”

While cutting back isn’t ideal, it does provide an opportunity to evaluate the way they’re managing their security, Rackie said.

“The advice I’d offer to business leaders and CFOs is to resist the knee-jerk option to…

…reduce security spend,” he said. “Look at your systems, assets and other connections, and understand all your organization’s use cases when it comes to security. Taking the time to start or update that matrix will go a long way in ensuring you’ve got the right level of security in place and a realistic budget that makes sense.”

Security risks are increasing as the attack surface expands to home offices, Layton said.

“Most corporate IT users are not road warriors and their desktops, laptops, mobile devices, applications and network access was not designed to securely operate outside the corporate office,” he said. “What is the biggest risk?  Ungoverned personal device use and lack of corporate use policy being enforced. The rush to get users online without a rigorous IT use policy or plan for security is opening lots of back doors to corporate networks. Keeping everyone working at any cost has the potential to push security aside — hopefully only briefly. Got security? You sure? Be careful.”

KnowBe4 Adds Email Quarantine Feature

KnowBe4 has launched PhishRIP, a new feature to its PhishER product to help security professionals remove, inoculate and protect against email threats faster.

Technical controls do not filter out all of the malicious emails that come into a user’s inbox, the company said. Research shows phishing, spam and malware attachments still make it through email filters.

An organization’s users report suspicious emails using the KnowBe4 phish alert button (PAB). PhishER categorizes the emails as clean, spam or threat based on configuration settings.

From there, PhishRIP looks at any user-reported message in PhishER. It searches and optionally quarantines similar messages across all the users’ inboxes within an organization.

Any messages found then are ready for further analysis, quarantine or permanent deletion by the incident response team.


KnowBe4’s Tony Jennings

Tony Jennings is KnowBe4’s senior vice president of global channel sales. He tells us partners are looking to demonstrate additional value to their customers and “need to offer affordable products to help customers manage increased security risks from users working remote, plus increased phishing attacks they are experiencing.”

“With PhishRIP offered as an added functionality provided at no additional cost in the PhishER platform, this gives partners an opportunity to help their current customers take advantage of new features and allows them to expand their offering to new customers looking for a way to quickly identify and remove suspicious emails from users’ inboxes,” he said.

“No matter what percentage of malicious emails get through to users’ inboxes, you have to remember that it only takes one wrong click to potentially compromise an entire organization,” said Stu Sjouwerman, KnowBe4’s CEO. “Especially during a time when IT departments are being overwhelmed with extra work and risks due to users working from home, it’s critical to help security professionals to automate some of their processes and identify threats faster.”

Respond Software Rolls Out EDR Data Analysis Support

Respond Software unveils analysis support of endpoint detection and response (EDR) data from Carbon Black, CrowdStrike and SentinelOne via Respond Analyst, a virtual cybersecurity analyst for security operations.

The software uses integrated reasoning to monitor and triage security events in near real-time. Respond Software is applying this approach to EDR data to reduce the number of false positives and create security insights.


Respond Software’s Matt Eberhart

Matt Eberhart is Respond Software’s vice president of global sales. He said Respond Analyst is a “great opportunity” for VARs to engage with existing customers.

“Security point solutions all create high volumes of alerts, and to unlock the value of these solutions, the customer must be able to understand and take action on the alerts,” he said. “This is difficult on a good day, and even more challenging when security teams are overloaded with work or working from home like they are today. We automatically investigate alerts from security solutions and then escalate a small number of incidents with all the situational awareness needed to take immediate action. The Respond Analyst works 24×7 to identify and investigate security incidents, freeing up your team from time-consuming and repetitive tasks so they can focus on protecting your business.”

Most security tools and services require complex implementations and ongoing tuning before delivering value, Eberhart said. They’re also expensive, he said.

“The Respond Analyst installs in under a day and doesn’t require complex tuning, rules or playbooks,” he said. “Our analyst immediately…

…starts to research alerts, turning them into enriched events, and using robotic decision automation to deeply understand if response is necessary. If response is necessary, fully scoped incidents are presented to your team with the situational awareness needed to take immediate actions. Immediate automation, no playbooks, almost no false positives plus on the job learning — just like an expert human.”

SonicWall Unleashes Boundless Cybersecurity

SonicWall ‘s new Boundless Cybersecurity model is designed to protect and mobilize organizations, large enterprises, government agencies and SMBs operating in a “new business normal.”

Workers prove to be less secure when working from home, leaving companies more exposed than ever. The platform stops the most evasive cyberattacks across endless exposure points, the company said.


SonicWall’s HoJin Kim

HoJin Kim is SonicWall’s vice president of global channel sales. He tells us Boundless Cybersecurity opens up much more opportunities for partners to help address customers’ cybersecurity business gaps.

“As customers struggle to keep their remote workforces productive and secure, our partners are leveraging SonicWall’s portfolio to help customers carry on their business during this time,” he said. “Partners are finding that customers are seeing increased risk from an ever-growing number of attack vectors, while still running into resource and economic constraints to combat that risk. Our partners are helping their customers by delivering complete solutions from SonicWall.”

Boundless Cybersecurity helps further position SonicWall partners as experts in their customers’ businesses, Kim said. It’s centered around “knowing the unknown, providing customers with unified visibility and control, and disruptive economics” so customers can meet all security needs while staying within budget, he said.

“By leveraging the increased demand we are seeing for our remote work-from-home solutions, our partners are able to broaden their discussions with their customers around our Boundless Cybersecurity messaging,” he said.

The SonicWall SecureFirst program has added 1,100 new partners since February, bringing its total to more than 21,500 globally.

Read more about:


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like