IT cost-cutting mistakes to avoid
With technology as the saving grace during the pandemic, cybersecurity and technology must remain business-critical investments, according to our CTO Denis Koloshko in his chat with Top Business Tech.
It’s a dilemma that presents itself each and every day in boardrooms across the globe — and the question of where to save money won’t be one that disappears any time soon. In fact, in the current climate, the need to streamline has never been greater for many businesses, which are doing all that they can to hold their heads above water.
And there is no doubt that, for some, discussions will turn to their IT provision. They’ll question whether they really need the full suite of solutions that they currently pay for. Of course, they probably do — after all, the investment was deemed worth it, in less fragile economic times.
It’s also prudent to note that, beyond any doubt, technology was the saving grace for companies throughout the pandemic. Without it, the resulting economic damage would have been cataclysmic. And that’s why, more than ever, it’s a business-critical investment that should be protected at all costs.
However, regardless of this fact, there will be organisations which — due to financial instability — feel compelled to make cutbacks. But if those businesses heed just one piece of advice it should be this: cutting back on cybersecurity is always a mistake.
Opening the door to disaster
Behind every single system lie vulnerabilities: a series of ‘weak spots’ that leave all that an organisation holds dear susceptible to attack. The stark reality is that companies have lost everything with the breach of just one of these loopholes.
In fact, the risk is so large that regulations surrounding the protection of this data are now written into law. For many, the General Data Protection Regulation (GDPR) will be the most recognisable, but this is certainly not the only code of conduct developed with cyber security in mind — SOC2, ISO 27001, PCI DSS and HIPAA are just a few accreditations that modern-day enterprises must now factor into their infrastructure.
The main motive behind these regulations is to encourage companies to become more aware and standardised about the security of their systems and data protection. Taking GDPR as an example, very often, companies equate compliance with the creation and implementation of a certain list of documents and policies — i.e. they focus on organisational measures to protect personal data.
However, what many don’t realise is that, according to Art. 24 of the regulation, it is necessary to take both company-wide and technical protection measures. And for those ignoring the latter, it has already become one of the main reasons behind some of the largest fines.
But demonstrating the presence of technical measures needn’t be a challenge. This additional element can be easily exhibited via a penetration testing report — a process by which a system is tested through the simulation of security attacks. By proactively searching for vulnerabilities in a company’s existing tech stack, recommendations can be made on how to rectify them.
Future-proofing sensitive data in this way can make all the difference — especially at a time when data leaks are considered ‘big business’. With the value of these snippets of personal information at extortionate levels, hackers will go to any lengths to steal this lucrative material as a means to fund their own criminal agendas. Not only can this be financially crippling for those affected, but reputationally too. After all, once consumer trust has been lost, it can quite quickly spell disaster for firms — no matter how successful they may have once been.
While there is no doubt that robust cybersecurity measures can come at a cost, the repercussions of choosing not to invest in the correct levels of protection in advance can be infinitely more expensive. Rather, ‘spending’ these resources ahead of time and assessing the level of a system’s security maturity via annual penetration testing, audits, the setting up of security processes, plus the installation of additional monitoring and intrusion detection systems, will pay dividends in the longer term.
Don’t leave system security to chance
Many firms mistakenly think it’s an element that doesn’t require a great deal of their attention. But even those at the cutting edge of innovative solutions have found themselves inadvertently falling foul of the rules. Indeed, a leading multinational technology company, which also happens to be one of the most recognisable household names, was previously found in violation of privacy protection laws. Alongside sanctions, the brand received a £43 million fine following an investigation of complaints filed by privacy protection organisations.
And it’s not only data breaches that can lead to controversial outcomes. Viruses can pose a similar level of threat. For SEO-rich websites, which count web traffic as their most valuable source of sales, an infected webpage can have serious repercussions — with pages penalised by search engines consequently falling out of rankings, ultimately leaving the business with no meaningful revenue stream to speak of. And while these issues can usually be fixed, the complexity and cost of tackling them retrospectively can often prove unviable.
While there is no doubt that the current global situation has put many businesses in financial jeopardy — and this will, inevitably, mean that costs must be cut — when it comes to a company’s IT provision, investment in cyber security should never be compromised. Future-proofing sensitive data by protecting any weak areas from exploitation will always be a wise investment — and with the rise of hybrid working models, this has never been more relevant than right now.