Why security budgets need to be scaled to meet growing risks

In today’s highly competitive business world, the attention of senior management tends to be on achieving consistent growth.

By working to ensure product portfolios match market demand and motivating staff to deliver superior levels of service, business leaders can be confident bottom-line revenues will rise.

However, attention must also be given to the impact that constant growth has on IT security. It may well mean expanded risk, and organisations must ensure their security teams are well equipped to meet the challenge.

Growth and security

To understand the size and nature of the threat, it’s important to consider what business growth entails and the security vulnerabilities it might bring. Growth can come in the form of acquisitions, market expansions, and partnerships and each introduces a new security dynamic that must be carefully managed.

To guard against cyberattacks, organisations employ solutions like security information and event management (SIEM) platforms that monitor, detect, and remediate threats as they arise, however effective security can be stymied by budget limitations.

The problem is that, even when a business is experiencing rapid growth, its security budget may be static or only slightly rising. As a result, security teams are forced to make tough decisions on which risks they are able to address.

For example, they may have to decide how to balance current needs against future company growth, and how to maintain flexibility when making a multi-year commitment to a security platform.

The answer to the budget and growth conundrum lies in flexibility and a paradigm-shift towards how security pricing models are viewed to free the hands of IT security professionals.

The challenge of data

In the modern, data-driven world, any kind of business expansion is matched by a corresponding uptake in data. Large volumes of data are more valuable to cybercriminals as this means there are more opportunities to steal and sell it on the illicit market. Cybercriminal groups are as aware of market developments as any business leader, and they will be looking for opportunities to turn a profit wherever they can.

It should also be remembered that this increased volume of data does not occur in a vacuum. Cybercriminals will be aware that if a business is expanding through acquisition, partnership, or new hires, then the network and its attack surface are expanding as well.

There will also be critical entry points through which bad actors can access the increasingly valuable data. For example, as third-party suppliers are brought in with growth, it becomes vital for security teams to not only monitor their own network but connecting networks as well. This requirement can cause a costly financial challenge if SIEM solutions were not budgeted to meet this increased demand.

As ongoing growth leads to an increase in staff numbers, this could also increase an organisation’s vulnerability to social engineering attack. New employees are an unknown quantity and will bring more connected devices to the network, which represents an increase in both data, and points of vulnerability.

If the organisation’s IT security budget has not been formulated to meet the varying challenges of growth, which sometimes can’t be anticipated, security teams will face the difficult decision of what data to prioritise in protecting.

Flexibility is key

To achieve effective IT security within a set budget, an organisation needs to ensure it has selected the right price model when it comes to deploying its SIEM platform. Two options are usually available: capacity-based pricing and user-based pricing. As their names suggest, the capacity model is a set cost per amount of data, while the user- model is per employee head.

The challenge is, however, that during periods of rapid business growth, accurately estimating both data volumes and user numbers can be difficult if not impossible. This makes forward budgeting very challenging and can lead to unexpected costs.

For this reason, now is the time for SIEM charging models to be rethought. Working closely with their chosen vendors, organisations need to find a new way of charging that both supports growth and also allows for consistent and accurate budgeting of expenses.

Begin discussions with your SIEM vendor today. The result will be improved IT security without unwanted and unanticipated cost blowouts.

Simon Howe
Simon Howe has more than 20 years’ experience in the cybersecurity industry and is currently Vice President Sales Asia Pacific at LogRhythm, the company powering today’s security operations centres. Simon previously worked in sales management for companies including CommVault, Acronis and Symantec.