The biggest issue with cybersecurity is budget.

Every day, businesses work to maximize their bottom line—to do more with less, as it were.  This is an old way of looking at business, and it leads to what a friend of mine coined “technology debt.”  Technology debt can affect much more than application performance or your capital expenditures (CAPEX).  It can affect your overall business and ability to compete in the market.

The Way Companies Decide Budgets Causes an Issue with Cybersecurity

Twenty years ago, the biggest concern for businesses was making their profit margin and growing their business through hard work and marketing dollars.  If the work was good, and the marketing strong, the business would grow, and profits would as well.  This meant companies could spend money to enhance the product they sold and make their name stronger.  To make this effective, everyone received a budget.  That way costs would be minimized, and the revenue generated would be maximized.  Pretty simple concept and it was a cornerstone thought process in business strategies.

Fast forward to now.  Businesses are created and fail—almost overnight.  Sensations can happen in an instant, and a company can expand so fast that it cannot control the growth.  Some of the earlier concepts of business are still viable thought processes.  Spend money in marketing, maximize the revenue to grow the business, put money into R&D to enhance the product and increase industry or consumer adoption.  Where things vary is what I call the “Instant Aspect.”  People can now find businesses instantly.  So, everything is better with the Instant Aspect now, right?

The market landscape has changed so dramatically, but the business approach has not.  We are still spending our budgets on our specific growth tasks be it Marketing, R&D or personnel.  We even carve out budgets for technology and security now which is great…. Right?  Doesn’t that mean we are staying in tune with the market??

It means companies have heard, but have they really listened and understood? Technology is no longer how many desktops you have and what servers you need.  It is an organism.  It has taken on a life of its own and it’s a very demanding and hungry beast.  Creating a budget is no longer the correct approach.  It is incredible difficult to accurately create an annual budget for something that changes and evolves every 60 days.  Companies must look at things differently now.

Cybersecurity Needs are Changing the Game

Security tends to drive the need for technology upgrades.  Sure, we still look at the age of devices and try to squeeze out every single ounce of usability out of the gear we already have in order to maximize our CAPEX expenditures.  There is nothing wrong with that.  But when was the last time you looked at the technology upgrade situation with a strategy of enhancing security instead of CAPEX exhaustion?

Organizations cannot look at security as a line item in the budget anymore.  Companies who have are spending much more after they fall victim to ransomware, phishing, DDoS, or even the standard virus attack.  Recovery cost is always more than prevention cost.  It always is and always will be.

The good news is the cybersecurity industry has changed its approach to these security threats. We have gone on the offensive in a major way.  With threat hunting, sandoxing, Managed Security offerings, virus bounties, and SO much more, we have changed the market.  We have created an industry that is no longer vendor-focused, but threat-focused.  We have turned a defensive posture to one of prevention, detection, and eradication.

But, as with all things, this comes at a cost.  For the industry, it means viewing the organism as a business process and a business need, instead of a budget. For the technologist, it means hours and hours of research, testing, proving and learning “bleeding edge” technologies to stay current and knowledgeable in not only the available tools, but also where the bad guys will try to go next.

Eliminate the Budget Issue

So, the biggest threat to cybersecurity is the ever limiting and slow-moving budget.  A recovery bill will trump any line item budget you can think of, and its effect is far more than any dollar amount you can come up with in a budget. To stay competitive, companies must move beyond viewing cybersecurity as a simple line item.

The ADAPTURE cybersecurity experts can help your team manage your cybersecurity posture and identify the solutions you need to keep your infrastructure and data protected. While your budget shouldn’t hold you back, we’ll also help you optimize for cost, so you know that the investments you’re making are going toward your long-term viability.

The threat landscape is constantly evolving. Make sure you can adapt to keep up with it.

This post was contributed by CISSP and F5 Certified Technical Specialist Tim Cullen. Tim Cullen is an ADAPTURE Senior Security Solutions Architect specializing in information security and network architecture. Cullen has provided F5-focused consulting services for over 10 years and has participated in the creation of the F5 ASM Certified Technology Specialist 303 exam.