A recent poll by Blue Core Research shows an interesting pattern in cybersecurity budgets. About half of the companies (47%) increased their cybersecurity budget, while the other half had a negative trend. Within the negative trend, about a quarter had no changes in their budget, half had some decrease, and the last quarter had a significant reduction.

Other polls indicate that while IT budgets are shrinking, cybersecurity budgets fare well and often increase. The combined picture suggests companies with increased cyber spending do so despite economic conditions. That reduction or frozen cyber investments are a result of general economic conditions and the fiscal reality that companies cannot invest more.

The increase in almost half the companies comes from heightened concern about cybersecurity and its threat to the business. That is in line with the tsunami of data breaches we regularly observe. The problem is massive, and companies are willing to invest even when money is scarce.

But what does this mean for you, and what should you do about it?

Takeaways

There are two important takeaways. First, money isn’t plentiful even when budgets show some increase. There is a significant risk that budgets will shrink out of necessity. Conserving funds is either mandated by a smaller budget or advisable given the uncertain outlook.

In other words, spend wisely.

The second important takeaway is that the results are unsatisfactory. Companies invest more despite unfavorable economic conditions because they must achieve better results. In their view, cybersecurity needs to provide better protection, and the only way to do it is by providing more resources. But they don’t feel safe. They don’t believe they are well protected. And that is understandable given the constant data breaches everywhere.

In other words, we must provide better protection.

Actions

This mandates three actions:

1. Switch to alternatives that offer better protection at a lower price
2. Evaluate the necessity and effectiveness of existing efforts
3. Change strategic investments to alternatives offering higher breach resistance at a smaller overall cost

This situation definitely doesn’t call for continuing to do the same thing. The same thing will not provide better security, and costs will continue to rise. It is the perfect time to invest in newer technologies that offer better protection at a lower price point.

Better Protection and Lower Price

Can you get better protection while spending less? It seems like a bad sales pitch. But yes, it is possible.

When you’re locked into the same solution for a long time, you often miss out on new alternatives that are both better and cheaper. When you’re working with the same large vendor for many years, you will likely have an annual increase in price but no significant increase in value. When you change vendors and look at newer emerging technologies, you can find better protection with less spending.

Many organizations find it uncomfortable to switch from the same large vendor they’ve been using for many years. They also don’t want to switch from products they are familiar with.

However, the reality is that old products don’t get a technology makeover. If you want newer technology, you have to switch to another product. While uncomfortable, thinking about changing products is the only way to get newer and better technology.

Additionally, large companies don’t develop new technology – they acquire it. After the acquisition, prices often increase. It’s inevitable and required to compensate for the investment and for a higher cost of sale. Buying from the companies that develop technologies (and may be acquired in the future) offers better products at lower costs. It also offers new technology now, instead of five or ten years down the road.

Blue Core Research, for example, is a small company. We have better technology and lower prices than the large vendors we compete with. If you want to cut costs protecting your databases, we can help you do that.

Evaluating Existing Solutions

How can you tell if your security works well? It seems impossible to measure the effectiveness of what you’re using. But it is, actually, easy to do.

There’s a single indication that works well for all cybersecurity measures: the false positive alerts you’re getting.

If you’re not getting any alerts, your security isn’t working. Since no solution is perfect, every solution has some false positives and some false negatives. False positives are alerts of potential intrusions that are false alerts. False negatives are undetected intrusions. You can’t have zero from both.

Your objective is to eliminate false negatives as much as possible. False negatives are a big problem and lead to a data breach. You don’t want undetected intrusions, and it’s better to tolerate the false positives.

When you try to eliminate false negatives, you will see an increase in false positives. That is inevitable. Those false alerts of possible intrusion indicate your security system is sensitive enough. While we want to reduce the number of false positives to manageable levels, we shouldn’t try to eliminate them because no false positives will result in many false negatives.

In other words, if you have a security system that seems to “do its job” but doesn’t generate any alerts or some form of false positives, it’s definitely not doing a good job. You must get regular alerts. Those alerts must be on activity that resembles an intrusion attempt. If you don’t have false positives, your security is ineffective, and you should consider an alternative.

A good example we often encounter in the database security world is customers with solutions that work silently. These solutions are supposed to block every intrusion attempt, and they never generate any alerts. When evaluating the policies in these solutions, it’s clear they offer almost no protection and will be circumvented by nearly any real attack. While it might be possible to do more with these solutions, the default configuration (which customers like) doesn’t combat real-world attack vectors.

Better Strategic Investments

One of the big money-drains in cybersecurity is perimeter protection. It’s also well-known to be the least effective security.

The perimeter is huge. There are a lot of endpoints to protect. There are also many efforts from network security to email protection and the never-ending personnel training. However, despite high and constantly increasing costs, the perimeter is hopelessly permeable.

It’s just the nature of perimeter protection. It’s the weakest link nightmare. Lots of ways to get in, and none of them can be properly secured. Not to mention the 20% risk of a breach from an internal actor. A risk that is usually ignored.

The alternative to perimeter protection is data-centric defense. Primarily, it means protecting the databases and applications. The concept is that by protecting the data, we can eliminate a breach. Both from internal and external actors.

Data-centric defenses have a higher per-unit cost. However, with far fewer units to protect, the total cost of data-centric is far less than the perimeter. There are many ways to implement data-centric defenses. Some are highly effective, and some are more for show. It is critical to choose effective defenses that can compensate for a decreased investment in the perimeter.

The math is simple. For example, if your perimeter is 80% effective against a breach and you have a data-centric defense that is also 80% effective, the combined effectiveness is 96% (100% – 20% x 20%). Similarly, if you have a 60% effective perimeter and 60% effective data-centric defense, the result is 84% total protection (100% – 40% x 40%). That is the beauty of serial defenses with independent protection – they reinforce one another and result in unusually high effectiveness at lower individual contribution. It is the opposite of the parallel defenses in the perimeter that weaken one another.

Final Thoughts

Smart investments and a careful choice of technologies can yield almost impenetrable protection at a lower price. However, it requires stepping outside your comfort zone and looking at newer technologies from new vendors.

If you’re not ready to make radical changes (and few people are), take smaller steps. A small investment in database security is a good start and protects your data at the source. That is, undoubtedly, the most important investment you can make when protecting data. If you are already protecting your database, consider upgrading the technology while reducing the price or branching out to control the application activity.

You should also take a good look at all those security systems that “work hard” but give you no false positives. There’s a good chance they only drain your resources and don’t offer much protection.

Things often change when there’s no choice. Higher threats and lower budgets are the perfect time for a change. Make sure it is a change for the better and build up your future security.