A recent poll by Blue Core Research shows an interesting pattern in cybersecurity budgets. About half of the companies (47%) increased their cybersecurity budget, but the other half had a negative trend. From the companies with a negative trend, about a quarter has the budget remain the same, half had some decrease in the budget and the last quarter had a significant reduction.

This is inline with other polls that indicate that while IT budgets are shrinking, cybersecurity budgets are fairing well and often increase. The reduction in half the companies is a result of general economic conditions and the fiscal reality that companies cannot invest more.

The increase in almost half the companies is a result of the heightened concern about cybersecurity and the threat it poses to the business. That is inline with the tsunami of data breaches regularly observed all over the world. The problem is massive and companies are willing to invest in it even when money is scarce.

But what does this mean for you and what should you do about it?

Takeaways

There’s several important takeaways. First, is that money isn’t plentiful even when budgets show some increase. There’s a significant risk that budgets will shrink during the year as a result of necessity and conserving funds is either mandated by a smaller budget or advisable given the uncertain outlook.

In other words – spend wisely.

The second important takeaway is that the results are unsatisfactory. Companies invest more despite unfavorable economic conditions because they must have better results. They need cybersecurity to provide protection and the only way for them to do it is by providing more resources. But they don’t feel safe. They don’t believe they are well protected. Which is understandable given the constant data breaches everywhere.

In other words – provide better protection.

Actions

This mandates three actions:

1. Switch to alternatives that offer better protection at a lower price
2. Evaluate the necessity and effectiveness of existing efforts
3. Change strategic investments to alternatives that offer a higher data breach resistance and at a smaller overall cost

What this situation definitely doesn’t call for is to keep doing the same thing. You will not get better security and costs will only continue to rise. This is the perfect time to change investments to newer technologies that give better protection at a reduced cost.

Better Protection and Lower Price

Can you get better protection while spending less? It seems like a bad sales pitch. But yes, it is possible.

When you’re “stuck” with the same solution for a long time, you often miss on new alternatives that are both better and cheaper. When you’re working with the same large vendor for many years, you will likely have an annual increase in price but no significant increase in value. When you change vendors and look at newer emerging technologies you can find better protection with less spending.

Many organizations find it uncomfortable to switch from the same large vendor they’ve been using for many years. They also don’t want to switch from products they are familiar with.

However, the reality is that old products don’t get a technology makeover. If you want newer technology you have to switch to another product. So thinking about changing products is the only way to get newer and better technology.

Additionally, large companies don’t develop new technology – they acquire it. After acquiring a product, they increase prices. They have to compensate for their investment and for their higher cost of sale. Buying from the companies that develop technologies and would be acquired in the future offers these better products at lower costs. It also offers these better products now instead of in five or ten years.

A good example is Blue Core Research database security offering. We are a small company that offers better technology and better prices than the large vendors we compete with. If you want to cut costs protecting your databases – we can help you do that. We will also give you our better technology that isn’t available from other large vendors.

Evaluating Existing Solutions

How can you tell if your security works well? It seems impossible to measure the effectiveness of what you’re using. But, actually, it’s very simple.

There’s a single indication that works well for any kind of cybersecurity measure and clearly tells you whether it’s working: the false positive alerts you’re getting.

If you’re not getting any alerts, your security isn’t working. Because no solution is perfect, every solution would have some false positives and some false negatives. False positives are alerts of potential intrusions that are false alerts. False negatives are intrusions that were not detected. You can’t have zero from both.

Your objective is to eliminate false negatives as much as possible. False negatives are really bad and lead to a data breach. You don’t want to have undetected intrusions.

When you try to eliminate false negatives you will, inevitably, see an increase in false positives. Those are false alerts of possible intrusion and they indicate your security system is sensitive enough. While we want to reduce the number of false positives to a manageable level, we shouldn’t try to eliminate them because no false positives will, inevitably, result in false negatives.

In other words – if you have a security system that seems to “do it’s job” but doesn’t generate any alerts or some form of false positives – it’s definitely not doing a good job. You must get regular alerts. Those alerts must be on activity that could resemble an intrusion attempt. If you’re not getting it – your security is ineffective and you should consider something else.

A good example we often encounter in the database security world is from customers that have solutions that work silently. They are supposed to block every intrusion attempt and never generate any alerts. When evaluating the policies they implement, it’s clear that they offer almost no protection and will be circumvented by almost any real attack. They simply don’t combat any real-world attack vectors.

Better Strategic Investments

One of the big money-drains in cybersecurity is perimeter protection. It’s also well-known to be the least effective security.

The perimeter is very large. There’s a lot of endpoints to protect. There are also many efforts from network security to email protection and the never-ending personnel training. However, despite high and constantly increasing costs – the perimeter is hopelessly permeable.

It’s just the nature of perimeter protection. The weakest link nightmare. Lots of ways to get in and none of them can be properly secured. Not to mention the 20% risk of a breach from an internal actor. A risk that is usually ignored.

The alternative to perimeter protection is data-centric defense. Primarily it means protecting the databases and applications. The concept is that by protecting the data we can eliminate a breach whether from internal or external actors.

Data-centric defenses have a higher per-unit cost, but with far fewer units to protect, the bottom line is that data-centric defenses are cheaper than the perimeter. However, there are many ways to implement data-centric defenses with some highly effective and some that are more for show. It is critical to choose data-centric defenses that are effective and can more than compensate for a decreased investment in the perimeter.

The math is simple. For example, if your perimeter is 80% effective against a breach and you have data-centric defense that is also 80% effective, the combined effectiveness is 96% (100% – 20% x 20%). Similarly, if you have a 60% effective perimeter and 60% effective data-centric defense the result is 84% total protection (100% – 40% x 40%). That is the beauty of serial defenses – they reinforce one another and result in unusually high effectiveness at lower individual contribution. It is the opposite of the parallel defenses in the perimeter that weaken one another.

Final Thoughts

Smart investments and a careful choice of technologies can yield almost impenetrable protection at a lower price. However, it requires stepping outside your comfort zone looking at newer technologies from new vendors.

If you’re not ready to change everything (and few people are), take small steps. Make a small investment in database security to start protecting your data at the source. That is, undoubtedly, the most important investment you can do when protecting data. If you are already protecting your database – consider upgrading the technology while reducing the price.

Take a look at all those security systems that “work hard” but give you no false positives. There’s a good chance they only drain your resources and don’t give too much protection.

Things often change when there’s no choice. Higher threats and lower budgets are the perfect time for a change. Make sure it is a change for the better and build up your future security.