How a Recession Will Change the Cybersecurity Landscape

As more analysts anticipate a recession in 2023, CISOs and security leaders are under pressure to do more with less. Unfortunately, a recession is likely to incentivize cybercriminals to create new types of threats, as seen during the 2008 recession when the FBI reported an increase of 22.3% in online crime reports between 2008 and 2009.

Further research found that cybercriminal activity rose 40% in the two years following the peak during the recession in 2009.  This article will discuss the potential impact as well as the importance of cybersecurity during a recession.

How The Landscape Might Change

Regardless of the economic situation, it is crucial that businesses protect themselves from disaster and they cannot afford to cut back on their cybersecurity during recessions. Here are some ways the landscape may change due to the recession:

Cybercrime Increases

Over the last few years, the threat landscape has increased significantly. Statistics show that malware production increased from 6,368 malware pieces per month in 2005 to more than 17 million a month in 2022. CEOs are increasingly reassessing their spending and putting strategic plans on hold. A survey conducted before the Russian invasion of Ukraine found that 87% of respondents marked cybersecurity as an important concern over the course of 3-5 years, while 53% saw an increase in threats and 80% of companies expected to increase or maintain their tech spending for 2023. 

Another survey found that only 9% of respondents don’t believe the war in Ukraine will impact their organization compared to 90% that are worried about associated cyberattacks. Digital transformation continues to be a top priority for 58% of respondents. Companies may continue improving their cyber defenses due to the increased risks of post-pandemic remote culture and new SEC rules on cybersecurity disclosure.

The Expert Shortage Will Increase

Many analysts are concerned that the talent shortage will get worse as economic uncertainty might lead to organizations pausing hiring, or even cutting existing employees. Organizations that cut costs and decide not to take on new security hires will inevitably exacerbate their cyber skills gap, meaning security leaders will rely on monitoring and analytics-based solutions.

Experts have said that the first impact of a recession is that new hiring gets postponed, but the productivity of operations staff can be increased by security monitoring and analytics tools, many of which are open-source and don’t require acquisition spending. However, these solutions “require analyst skills,” so organizations will need to invest in staff who have the expertise to configure and use these tools to their full potential. 

CISOs Will Have to Maximize Value 

As organizations adjust to the financial instability that accompanies the recession, CISOs will be under greater pressure to optimize cost-efficiency. This will involve eliminating expensive tools while finding ways to get more use out of existing solutions.   

Experts say in 2023, there will be more pressure on CISOs and security leaders to maximize the value of their existing security stacks. CISOs will need to adapt as opposed to adding more solutions. It’s likely that businesses that fail to adhere to this will become an easier target for cybercriminals.

Impact on Startups

The massive influx of venture investment into cybersecurity in recent years also means that some security startups are likely to face a greater impact than more-established businesses in the event of an economic slowdown. 

VC funding for security companies surged from $12.4 billion in 2020 to $29.3 billion in 2021. 30 cybersecurity startups achieved billion-dollar valuations in 2021, as opposed to six in 2020. So far, the security industry hasn't had hiring freezes or layoffs on a broad scale with the exceptions of cloud security firm Lacework, which laid off 20% of its staff, and attack detection firm Cybereason, which reduced its staff by about 10%.

The Importance of Cybersecurity

An essential step that companies should take is to bolster their cybersecurity posture to prepare for a potential recession. Preparing means more than adopting basic IT security safeguards like firewalls, anti-virus software, and intrusion detection systems. Some ways companies and C-suite executives can promote growth in cyber security include:

Focus on Strong Defense

Defense is a critical aspect of cybersecurity during a recession. An economic downturn requires a security strategy equipped to fend off threat actors. It’s also important for executives to identify and mitigate potential insider threats, which are becoming more frequent and intense. Focus on a strong defense to get through the challenging times of a recession.

Use Multi-Factor Authentication

Multi-Factor Authentication (MFA) is a security process that verifies your identity by requiring you to provide two or more pieces of your identity to access your account. For example, the system might require something you know, such as a password and something you have, such as a unique code sent to a mobile device. This tool provides an additional layer of security, making it harder for attackers to hack your devices and accounts.

Limit Access to Sensitive Data

Another measure that can bolster your cybersecurity is limiting access to sensitive data. Make sure that only employees who have to work with specific data have access to it rather than every employee in the business. All of your employees don’t necessarily need access to all of your data. Limiting access to certain data means that you have less entry chances for cyber threats.

Impact of AI

Using AI and machine learning (ML) to detect and intercept high-risk actions and unusual behavior throughout the environment is essential for identifying malicious entities before they can gain access to critical data assets. AI and deep learning solutions have made strides in prevention capabilities and provide security teams the ability to prevent novel attack types that haven’t been previously seen. However, organizations must keep their expectations reasonable when using AI. These expectations include helping identify more attacks, reducing false positive alerts, and streamlining an organization’s detection and response functions.

Government Spending on CyberSecurity

Businesses around the world collectively lost nearly $6 trillion within a year to cybercrime due to lost data, penalties, productivity loss, ransoms, and attacks that led to total business failure. The impact of an attack can also be particularly damaging for small businesses.

The fiscal 2023 budget in the United States increased cybersecurity spending by nearly 10%, including $11 billion for the Department of Defense to implement zero-trust architecture across its vendor systems. Additionally, the Infrastructure and Jobs Act included 1.9 billion in cybersecurity funding across several programs to secure local government assets. The U.S. government’s commitment to cybersecurity may be a sign of cyber spending to come as other governments ramp up their defense.

Cybersecurity Awareness Training

Cybersecurity awareness training is one of the first steps a company can take. Many of these attacks can be avoided if employees know the risks and learn to identify them. Since email security is critical as emails are one of the primary sources of spreading phishing attacks, ransomware and malware, employees need to learn how to spot these attacks before opening the emails.

Implement Multi-Layered Email Security Protection

Fully-managed email security services that leverage advanced technology to analyze behavior and dynamically analyze URLs and files help prevent cyberattacks from exploiting vulnerabilities. The critical additional layers of protection that a reputable third-party email security solution provides bridge the gaps found in static, single-layered defenses such as those built into Microsoft 365 and Google Workspace. 

Cybersecurity Consequences of a Recession

Trends show a correlation between high-pressure national and global events that spark interest in cybercriminal activity. According to the Center for Strategic and International Studies, the global costs of cyberattacks worsened by a recession include:

• Confidential and intellectual property is lost
• Online identity theft and financial fraud increase
• Personal and government money is held for ransom and used manipulatively
• Trust in online activities decreases as internet users understand the risks
• Paying to protect intellectual property and networks skyrockets
• Reputations from individuals, companies, programs and nations are diminished

Keep Learning

The financial outlook for 2023 may appear bleak, however, the cybersecurity industry has traditionally been resilient during periods of economic uncertainty. The best way to prevent a cyberattack is by having proper protocols and a strong email security solution in place.

• Learn more about effectively protecting your business from ransomware.
• Improve your email security posture to protect against attacks by following best practices.
• Keeping the integrity of your email safe requires securing the cloud with spam filtering and enterprise-grade anti-spam services.
• Get the latest updates on how to stay safe online.