The rapid economic developments that the world has witnessed, from last year 2022 in particular, until now, have imposed a set of obstacles in front of businesses, especially with rising prices and inflation rates, which imposed the commitment of many central banks around the world to monetary tightening policies (the sum of the measures that central banks follow to reduce the demand for money) and to raise interest rates, which affected the financial situation of many companies, due to the high cost of debt.
These difficulties faced by various institutions have raised doubts about the extent to which they can meet and invest in cybersecurity requirements (whether in the human factor, investing enough in cybersecurity measures, etc.) alongside the financial pressures they face. exposed, under current economic conditions, to slower growth.
6 issues
Professor at the Faculty of Computing and Information Systems at Canada’s Athabasca University, Cheng Tan, identifies in statements exclusive to the “Sky News Arabia Economy” site six fundamental risks resulting from the slowdown in economic growth that affect directly “cybersecurity” for various institutions, and leads to a group of serious threats. Accordingly, these are:
- Insufficient funding 2. Shortage of talent.3. Increase attack fields.4. Lack of security awareness.5. “Third party” risks6. Regulatory compliance challenges.
A professor from the College of Computers and Information Systems at Canada’s Athabasca University explains these risks in detail, as follows:
First – Insufficient Funding:
Budget constraints during an economic downturn can hamper organizations’ ability to invest adequately in cybersecurity measures. This poses a significant risk, as cybersecurity requires continuous investments in advanced technologies, qualified personnel and continuous training programs. Without adequate funding, organizations can struggle to implement effective security controls and keep pace with emerging threats.
Second – Lack of talent:
Economic crises can lead to downsizing, which can affect the availability of qualified cybersecurity professionals. And with limited resources, “organizations may not be able to attract or retain top talent,” leading to skill gaps in their cybersecurity teams. This lack of expertise can affect incident response, threat detection, and overall security posture, making the organization more vulnerable to cyberattacks.
Third – Increase Attack Zones:
Economic downturns often lead to remote working policies, with cost-cutting measures and increased reliance on digital platforms.
These expanded attack arenas provide more opportunities for threat actors; To exploit vulnerabilities, gain unauthorized access. Rapid adoption of new technologies without proper security assessments can also create additional risks, particularly if security considerations diminish during financial crises.
Fourth – Lack of Security Awareness:
During a financial crisis, organizations may prioritize financial survival over employee security awareness initiatives. This can lead to a lack of cybersecurity education, training and awareness programs. Without a strong security culture and a clear understanding of employees, the risk of falling victim to attacks, phishing, and other forms of cyber threats increases dramatically.
Fifth – Third Party Risks:
Economic downturns can affect the financial stability of vendors, suppliers, and partners within an organization’s supply chain. Weaker entities can shorten cybersecurity measures, which can compromise sensitive data or systems shared with the organization. This highlights the need for comprehensive third-party risk management practices to identify and address vulnerabilities resulting from financial crises.
Sixth: Regulatory Compliance Challenges:
Economic crises can lead to regulatory changes, changes in compliance requirements or delays in implementation. Organizations can struggle to keep up with changing regulations and maintain compliance during these times. Failure to meet compliance standards can lead to legal and reputational consequences, requiring organizations to prioritize compliance efforts even in times of economic uncertainty.
In this context, the British newspaper “Financial Times” quoted George Kurtz, CEO of CrowdStrike (an American cybersecurity technology company based in Austin, Texas), as saying: “Cyber ​​threats to businesses do not go away in a downturn. economic”.
Cybersecurity jobs
On the other hand, a previous study conducted by ISC2, a non-profit organization specializing in the training and certification of cybersecurity professionals, stated that the vast majority of companies seek to maintain cybersecurity jobs despite current challenges. , as following :
Nearly 50% of senior managers (Germany, Japan, Singapore, United Kingdom and United States of America) said they were likely to lay off workers due to the recession expected this year. Only about 10% of organizations said cybersecurity-related jobs were likely to be cut (compared to an average of 20% in other regions). For example, in Singapore, 68% of organizations strongly believe that layoffs will be needed as the economy slows, but only 15% of companies are likely to cut jobs in cybersecurity, compared to other sectors such as human resources (32%) and marketing. (28 percent). The results of the study indicate that business leaders no longer view cybersecurity as a good job only when a budget is available, but rather that it has become “a critical asset that brings real value to businesses.”
proactive measures
Returning to the professor from the Faculty of Computing and Information Systems at Canada’s Athabasca University, with the “Sky News Arabia Economy” website, he says: “In general, realizing the unique challenges posed by financial crises, organizations can take proactive measures to mitigate risk and maintain a strong position.” For cybersecurity…I think the most effective way to deal with the economic downturn and cybersecurity risks is to lean on or move to the cloud.
He continues, “Adopting or migrating to the cloud can be an effective strategy to improve cybersecurity and reduce costs for organizations.
A “cloud migration” strategy is an organization’s plan to move its data and applications from on-premises infrastructure to the cloud. In his interview with “Sky News Arabia Economy”, Qing Tan explains the aspects of the importance of this strategy, in a number of points, the most important of which are:
Leverage the expertise of cloud service providers: This allows organizations to focus on their core business while relying on the specialist security knowledge of the cloud provider. Robust security infrastructure: The cloud environment is designed to provide high levels of security and protection against common cyber threats. Ongoing security updates: Cloud service providers actively monitor and update their security measures to address emerging threats and vulnerabilities. Flexibility and scalability: Cloud platforms provide scalability and flexibility, allowing organizations to adjust their infrastructure and resources according to their needs. Improve resilience and disaster recovery: Cloud environments often have built-in redundancy and disaster recovery mechanisms. By using cloud services, organizations can ensure that their data is backed up and replicated across multiple locations and protected against various types of disruptions, including cyberattacks. Cost effective compared to traditional on-premises infrastructure: Cloud services can provide cost advantages over traditional on-premises infrastructure. Organizations can benefit from the economies of scale offered by a cloud provider, reducing the need for large upfront investments in hardware, software, and maintenance.
“Despite these benefits, it is important to note that cloud adoption does not absolve organizations of their responsibility to ensure appropriate cybersecurity. Organizations should still assess and understand the shared responsibility model with the cloud provider, implement implementing appropriate access controls, managing user privileges, and regularly monitoring and auditing their cloud environment to discover and address potential security vulnerabilities.
Read the Latest World News Today on The Eastern Herald.
