Economy’s Crummy? Here’s How to Leverage it for Better Security Posture 

Posted by: Uri Levy
July 20, 2023
Getting your Trinity Audio player ready...


Companies are like governments – and people, for that matter: when times are good, they tend to expand. When there are extra tax revenues, new programs spring up – roads get paved, playgrounds get built, jobs are added, processes expand, systems are upgraded, departments divide and subdivide like amoebas. Organizations grow to ‘pleasantly plump’ proportions…until the inevitable contraction.

Let’s be clear: challenging economic times are never good. At the same time, like so many inherently negative situations, they can result in good things. Downturns are a compelling event for organizational leaders. It’s a chance to make the organization leaner while at the same time either accomplishing the same or (ideally) even more. 

Cybersecurity is no different. In economic climates like the one we find ourselves in currently, security leaders are being asked to closely evaluate their spending without sacrificing risk levels. But can cybersecurity do more than just merely survive  in lean times? Can it thrive? 

In fact, it can. Here’s why:

Downturns: Good for IT and Security?

For IT and other non-security teams, growth periods mean new systems to roll out, new services to launch, new business models to ramp up, and an ongoing mad dash to support organizations rushing to snap up opportunities in a flush market. To meet these demands, teams buy more storage, beef up computing resources, add more staff, and go into overdrive.

In good times and bad, there’s a love-hate relationship between IT and Security. In the best of times, cybersecurity requirements can slow IT’s business response. This means that in companies where CISOs don’t build friction-reducing joint IT-Security processes, friction peaks. Yet in downtimes, the pressure gets dialed back somewhat. IT gets to move a bit slower as budgets scale back, new services are rethought or put on ice, and the pace is less frenetic.

And here’s the dual benefit: as IT is able to take its foot off the gas, Security can breathe easier, too. First off, there’s less need to pursue IT for services that might otherwise be difficult to obtain owing to the sheer volume of demand. But also, there’s a long tail of issues that were never quite handled during flush times, just waiting for IT and Security to jointly swoop in and resolve. From patching to risk analysis, from vulnerability prioritization to attack path management – during downturns both IT and Security may have fewer toys, but they’ve also got more mindshare to fix everything that was previously unfixed owing to time-to-market considerations.

Making a Dent in the Big Disconnect

A good example of something likely to be mitigated (if not altogether solved) in bad times is what we at XM Cyber call the Big Disconnect

What is ‘the Big D’? Although organizations have various tools that can identify misconfigurations, vulnerabilities, permissions, and user activity – they still lack visibility into how these factors align from an attacker’s perspective. And despite the flood of alerts flowing into the average SOC, organizations still struggle to determine which of these pose a threat to their critical assets. 

What’s more, organizations may have cloud protection in place, yet remain unaware of an entry by someone with unauthorized access. This is the Big Disconnect: because despite massive investments in top-tier tools, organizations are still unable to ascertain the overall security of their network.

There are hundreds of thousands of unaddressed and siloed issues in an average corporate network. And while the vast majority of these are innocuous, since IT can only address 2-5% of them it’s hard to know which are not. This bottleneck, largely resulting from a lack of update/patch capacity, is one of the key foundations of the Big Disconnect. Even automation hasn’t yet effectively moved the needle for IT – because updating and upgrading production services simply can’t be done blind. Analytics can be effective in closing the gap – but statistics and algorithms always come with caveats, and enterprise-grade production systems can’t afford to gamble.

So, during downturns, when IT has a bit less pressure, they’re able to work with Security to implement new frameworks designed to make a dent in the Big Disconnect – without making a dent in budgets. For example, the framework that Gartner is calling Continuous Threat Exposure Management (CTEM). CTEM solutions help organizations maintain continuous vigilance over hybrid networks by viewing them through the eyes of an attacker. This allows Security and IT teams to spot potential attacks before they happen by uncovering hidden attack paths to critical assets across cloud and on-prem – eliminating blind spots and resource-sapping guesswork.

The Bottom Line

During challenging economic times, cybersecurity leaders have an opportunity: make the organization leaner while maintaining or even increasing productivity. They can raise efficiency and lower risk without raising CapEx and OpEx. This means that cybersecurity can both survive and thrive in downturns, while the IT-Security relationship can become better aligned, too. With the right tools and (more importantly) the right attitude, economy and efficiency in cybersecurity do not have to be mutually exclusive.

Uri Levy

Uri Levy is a seasoned cybersecurity executive with a successful track record in the strategic and operational turnaround of technology and cyber companies. Over the past 15 years, he has built and managed leading network and security solution providers, and consistently achieved sustained growth and brand leadership.

Find and fix the exposures that put your critical assets at risk with ultra-efficient remediation.

See what attackers see, so you can stop them from doing what attackers do.