How “Slower Economic Growth” Affects Cybersecurity?
While institutions are showing increased interest in “cybersecurity,” which puts jobs associated with the industry relatively far from the guillotine of layoffs that hit many companies around the world, especially tech companies, this hasn’t stopped the scale of the impact. Related concerns about slowing economic growth and its impact on cybersecurity, especially the escalating challenges facing these institutions.
The rapid economic development that the world has witnessed, especially from last year 2022 until now, has brought a series of obstacles to business, especially the rise in prices and inflation, which has forced many central banks around the world monetary tightening policy (central banks to reduce money demand) and higher interest rates, due to the high cost of debt, which is reflected in the financial position of many companies.
These difficulties faced by various organizations raise doubts about the extent to which they are able to meet and invest in cybersecurity (whether in terms of the human element or investing adequately in cybersecurity measures, etc.), while they face financial challenges. Pressure to slow growth based on current economic conditions.
6 shares
Tan Cheng, a professor at the School of Computing and Information Systems at the University of Athabasca in Canada, pointed out in an exclusive statement to the “Sky News Arab Economy” website that the six basic risks caused by the slowdown in economic growth directly affect various “network security” institutions. And lead to a set of serious threats accordingly, they are:
1. Insufficient funds.
2. Lack of talent.
3. Increase the number of attack yards.
4. Lack of security awareness.
5. “Third Party” Risk.
6. Regulatory compliance challenges.
A professor from the School of Computer and Information Systems at Athabasca University in Canada explained these risks in detail, as follows:
First – Insufficient funds:
Budget constraints during a recession can hinder an organization’s ability to fully invest in cybersecurity measures. This poses a significant risk because cybersecurity requires continuous investment in cutting-edge technology, skilled personnel and ongoing training programs. Without adequate funding, organizations can struggle to implement effective security controls and keep up with emerging threats.
2. Lack of talent:
The economic crisis may lead to layoffs, which may affect the availability of skilled cybersecurity professionals. With limited resources, “organizations may not be able to attract or retain the best talent,” leading to a skills gap in their cybersecurity teams. Lack of expertise impacts incident response, threat detection, and overall security posture, making organizations more vulnerable to cyberattacks.
Third – increase the attack area:
Recessions typically lead to remote work policies, cost-cutting measures, and increased reliance on digital platforms.
These expanded attack areas provide threat actors with more opportunities; to exploit vulnerabilities and gain unauthorized access. Rapid adoption of new technologies without proper security assessments also creates additional risks, especially as security concerns recede during the financial crisis.
Fourth – Lack of security awareness:
During a financial crisis, organizations may prioritize financial survival over employee security awareness programs. This can lead to a lack of education, training and awareness programs in the cybersecurity field. Without a strong security culture and a clear understanding of employees, the risk of falling victim to attacks, phishing, and other forms of cyber threats increases dramatically.
5. Third-party risks:
Economic downturns can affect the financial stability of suppliers, vendors, and partners in an organization’s supply chain. Weaker entities may shorten cybersecurity measures, which could compromise sensitive data or systems shared with the organization. This highlights the need for comprehensive third-party risk management practices to identify and address vulnerabilities arising from the financial crisis.
Sixth: Regulatory compliance challenges:
Economic crises can lead to regulatory changes, changes in compliance requirements, or delays in implementation. Organizations may find it difficult to keep up with changing regulations and maintain compliance during these times. Failure to adhere to compliance standards can have legal and reputational consequences, so even in times of economic uncertainty, organizations must prioritize compliance efforts.
In this regard, the British “Financial Times” quoted George Kurtz, CEO of CrowdStrike (an American network security technology company based in Austin, Texas), as saying, “Cyber threats to enterprises will not disappear in economic downturns. .”
Cyber Security jobs
On the other hand, a previous study by ISC2, a non-profit organization specializing in the training and certification of cybersecurity professionals, showed that despite current challenges, the vast majority of companies seek to maintain cybersecurity jobs, as follows:
- Nearly 50% of senior executives (Germany, Japan, Singapore, UK and US) report that they are likely to lay off staff due to the expected recession this year.
- Only about 10 percent of organizations said they were likely to cut cybersecurity-related positions (compared to an average of 20 percent for other regions).
- In Singapore, for example, 68% of organizations firmly believe that layoffs will be necessary as the economy slows, but only 15% are likely to do so compared to other departments such as human resources (32%) and marketing ( 28%).
- The findings suggest that business leaders no longer view cybersecurity as a good job that can only be done when there is a budget available, but rather that it has become a “critical asset that brings real value to the business.”
proactive measures
Returning to a professor at the School of Computing and Information Systems at Athabasca University in Canada, he said on the Sky News Arab Economy website: “In general, organizations can take the initiative to reduce risk and measures to maintain a strong position.” For cybersecurity … I think the most effective way to deal with the economic slowdown and cybersecurity risk is to rely on or migrate to the cloud.
He continued, “Adopting or migrating to the cloud can be an effective strategy for enhancing cybersecurity and reducing costs for organizations.
A “cloud migration” strategy is an organization’s plan to migrate its data and applications from on-premises infrastructure to the cloud. In an interview with Sky News Arab Economy, Qing Tan explained the importance of this strategy in several ways, the most important of which are:
- Leverage cloud service provider expertise: This enables organizations to focus on their core business while leveraging cloud provider security expertise.
- Robust Security Infrastructure: The cloud environment is designed to provide a high level of security and protection against common cyber threats
- Continuous Security Updates: Cloud service providers actively monitor and update their security measures to address emerging threats and vulnerabilities.
- Flexibility and scalability: Cloud platforms offer scalability and flexibility, allowing organizations to adjust their infrastructure and resources according to their needs.
- Improved resiliency and disaster recovery: Cloud environments often have built-in redundancy and disaster recovery mechanisms. By using cloud services, organizations can ensure that their data is backed up and replicated in multiple locations and protected from all types of disruptions, including cyber-attacks.
- More cost-effective than traditional on-premises infrastructure: Cloud services can offer cost advantages over traditional on-premises infrastructure. Organizations can benefit from the economies of scale offered by cloud providers, reducing the need for large upfront investments in hardware, software, and maintenance.
“Despite these benefits, it is important to note that cloud adoption does not absolve organizations of the responsibility to ensure appropriate network security. Organizations still need to evaluate and understand shared responsibility models with cloud providers, implement appropriate access controls, manage user permissions, and regularly monitor and audit their cloud environments to identify and address potential security gaps.”