Back to Insights

Insights  |  July 3, 2020

COVID-19’s Impact on Cybersecurity Budgets

This post was originally posted by Adam Hofeler at IRONSCALES.

Over the past few years, you’d be hard pressed to find an enterprise that wasn’t increasing their cybersecurity budget on an annual basis. In fact, Statista estimates that the global cybersecurity market will surpass $248 billion by 2023, a surge of nearly $81 billion from 2019.

Such projections though fail to take into consideration both the temporary and permanent organizational changes caused by COVID-19. To get a sense for how the coronavirus will impact security spend, IDG commissioned a survey of IT leaders in April which found that:

  • 35% expect their budgets to decrease as a result of Covid-19 and the related economic downturn
  • 45% expect expense management to become their primary focus

Thus, CISOs, CIOs and those in charge of cybersecurity budgets now find themselves facing down a new predicament: how to effectively manage risk while reducing or maintaining costs to pre-coronavirus levels.

This is an interesting challenge when considering that the acceleration of remote work and the proliferation of phishing attacks prompted by COVID-19 has amplified the need for cloud-based security tools that help mitigate complex network, email and perimeter vulnerabilities.

Consolidating the email security stack

According to a Gartner study, “74% of businesses plan to permanently keep more employees out of physical offices after the pandemic.” If true, the cyber risks specific to remote work will continue even as some businesses go back to “normal.”

One way for security teams to reduce or maintain costs is by consolidating their existing security stacks. Today, it is estimated that enterprises have as many as 75 cybersecurity tools in their arsenal. Even under the principles of defense-in-depth, such a large number of disparate point solutions, many of which were not built to collaborate, orchestrate or integrate with each other, is potentially as burdensome as it is beneficial.

Email security is not immune to such oversaturation. Today, it’s not uncommon for enterprises to invest in phishing awareness training, secure email gateways and mailbox-level security (like IRONSCALES) in addition to authentication protocols like DMARC. However, such an extensive anti-phishing stack is usually unnecessary, even when considering that phishing emails account for 90% of all cyberattacks.

In the post COVID-19 world, security teams can look at their email security infrastructure when assessing consolidation. Here are three tips to help determine what anti-phishing technology should stay and what can go:

  • Embrace platforms over point solutions – As security stakeholders are forced to consider tough cuts to their stacks, it is important to first prioritize investments in platforms over point solutions. In cybersecurity, there are a number of tools built to solve small pieces of much larger puzzles. In email security for example, there are a number of point solutions on the market, including email sender identity verification, phishing awareness training and gateway-level SPAM filters, among others, that help reduce risk only from very specific types of phishing attacks while not addressing other threats.

    Interestingly, the price for point solutions is often comparable to those of more robust platforms even though the features and functionalities are not comparable. So, a significant cost savings can occur, without increasing risk, by focusing investments on a couple of robust cybersecurity platforms, like email security,  instead of dozens of point solutions that don’t address the totality of threats.

  • Increased automation sophistication – Today, many email security vendors make claims about the automation inherent to their products and services, but when you dive into the technology you discover that only partial automation is present. This is especially true of gateway-level filters that use YARA rules and playbooks, which introduce elements of automation but aren’t fully automated because human involvement is required to facilitate a response.

    In email security, there are three must haves of a truly automated solution: incident investigation, triage and remediation. These common tasks must be fully automated in order to address phishing emails in the short timeframe that is required to reduce risk. Importantly, full automation also frees up security team members to focus on tasks beyond phishing mitigation, which will be important for companies needing to reduce budgets.

  • Total cost of ownership (TCO) – When assessing email security TCO, the first question to ask is whether or not your existing solutions require heavy maintenance, ongoing deployment and ongoing configuration? For today’s enterprise, the most efficient email security tools integrate seamlessly with existing security protocols, day-to-day workflows and the entire cybersecurity ecosystem overall. Deployment is fast and integrations are simple, such as 3rd party malware protection engines for example.

IRONSCALES email security platform beats all anti-phishing point solutions

COVID-19 has impacted our world in so many ways, including how businesses will allocate cybersecurity expenditures. Moving forward, security teams will have some tough decisions to make in order to maintain or reduce their budgets while ensuring risk remains acceptable.

The IRONSCALES self-learning email security platform was purpose built as a best in breed solution with full automation at a prime total cost of ownership to help alleviate the burden of email phishing attacks. The platform includes:

  • Phishing simulation and awareness training
  • Malware and URL protection
  • Mailbox-level business email compromise protection
  • AI-powered phishing incident response
  • Virtual SOC analyst
  • Democratized threat protection

Based on a deep-rooted philosophy of humans and machines constantly working together, IRONSCALES comprehensive self-learning platform is proven to help businesses quickly identify, block, report and remediate all types of phishing attacks, freeing up time, money and resources to help with other important cybersecurity tasks.

Contact IRONSCALES today for a free demo and for more information about how IRONSCALES self-learning email security platform is the most effective anti-phishing tool for security teams needing to consolidate email security without increasing risk.

 

More Resources:
IRONSCALES Email Security Platform Now Prevents Fake Login Pages Designed to Steal User Credentials
IRONSCALES Announces Addition of Tammy Schuring to Advisory Board
To Zoom or Not to Zoom: Addressing a Crucial Cybersecurity Question