IT cost-cutting mistakes to avoid


It’s a dilemma that presents itself every day in boardrooms across the globe, and the question of where to save money won’t disappear any time soon. In fact, in the current climate, the need to streamline has never been greater for many businesses, which are doing all that they can to keep their heads above water.

And there is no doubt that, for some, discussions will turn to their IT provision. They’ll question whether they really need the full suite of solutions that they currently pay for. Of course, they probably do — after all, the investment was deemed worth it, in less fragile economic times.

It’s also prudent to note that, beyond any doubt, technology was the saving grace for companies throughout the pandemic. Without it, the resulting economic damage would have been cataclysmic. And that’s why, more than ever, it’s a business-critical investment that should be protected at all costs.

However, regardless of this fact, there will be organisations which — due to financial instability — feel compelled to make cutbacks. But, as Denis Koloshko, chief technical officer (CTO) at software development and systems integration specialist IDS Group explains, if those businesses heed just one piece of advice, it should be this: cutting back on cybersecurity is always a mistake.

Opening the door to disaster

Behind every single system lie vulnerabilities: a series of ‘weak spots’ that leave all that an organisation holds dear susceptible to attack. The stark reality is that companies have lost everything with the breach of just one of these loopholes.

In fact, the risk is so large that regulations surrounding the protection of this data are now written into law. For many, the General Data Protection Regulation (GDPR) will be the most recognisable, but this is certainly not the only code of conduct developed with cybersecurity in mind. SOC2, ISO 27001, PCI DSS and HIPAA are just a few accreditations that modern-day enterprises must now factor into their infrastructure.

The main motive behind these regulations is to encourage companies to become more aware of, and more standardised in, the security of their systems and the protection of their data. Taking GDPR as an example, companies often equate compliance with the creation and implementation of a certain list of documents and policies, i.e. they focus on organisational measures to protect personal data.

However, what many don’t realise is that, according to Art. 24 of the regulation, it is necessary to take both company-wide and technical protection measures. And for those ignoring the latter, it has already become one of the main reasons behind some of the largest fines.

But demonstrating the presence of technical measures needn’t be a challenge. This additional element can be easily exhibited via a penetration testing report — a process by which a system is tested through the simulation of security attacks. By proactively searching for vulnerabilities in a company’s existing tech stack, recommendations can be made on how to rectify them.

Future-proofing sensitive data in this way can make all the difference — especially at a time when data leaks are considered ‘big business’. With the value of these snippets of personal information at extortionate levels, hackers will go to any lengths to steal this lucrative material as a means to fund their own criminal agendas. Not only can this be financially crippling for those affected, but reputationally too. After all, once consumer trust has been lost, it can quite quickly spell disaster for firms — no matter how successful they may have once been.

While there is no doubt that robust cybersecurity measures can come at a cost, the repercussions of choosing not to invest in the correct levels of protection in advance can be infinitely more expensive. Rather, ‘spending’ these resources ahead of time and assessing the level of a system’s security maturity via annual penetration testing, audits, the setting up of security processes, plus the installation of additional monitoring and intrusion detection systems, will pay dividends in the longer term.

Don’t leave system security to chance

Many firms mistakenly think it’s an element that doesn’t require a great deal of their attention. But even those at the cutting edge of innovative solutions have found themselves inadvertently falling foul of the rules. Indeed, a leading multinational technology company, which also happens to be one of the most recognisable household names, was previously found to have violated privacy protection laws. Alongside sanctions, the brand received a £43 million fine following an investigation of complaints filed by privacy protection organisations.


And it’s not only data breaches that can lead to controversial outcomes. Viruses can pose a similar level of threat. For SEO-rich websites, which count web traffic as their most valuable source of sales, an infected webpage can have serious repercussions. Pages can be penalised by search engines and fall out of the rankings, ultimately leaving the business with no meaningful revenue stream to speak of. And while these issues can usually be fixed, the complexity and cost of tackling them retrospectively can often make a fix unviable.

There is no doubt that the current global situation has put many businesses in financial jeopardy, and this will inevitably mean that costs must be cut. But when it comes to a company’s IT provision, investment in cybersecurity should never be compromised. Future-proofing sensitive data by protecting any weak areas from exploitation will always be a wise investment — and with the rise of hybrid working models, this has never been more relevant than right now.


Author


    Denis is Chief Technical Officer at software development and systems integration specialist IDS Group. He’s a highly qualified security consultant with over 15 years’ IT experience, 11 Microsoft certificates and two philosophy degrees. Having been with IDS since the beginning, Denis is the go-to colleague for the most technically demanding tasks. With a vast knowledge of social engineering, black/grey/white box pen testing, manual code review, infrastructure, and architecture security analysis – plus CISSP and OSWE accolades – he remains passionate about advancing his skill set even further. For Denis, everything centres around technologies being as effective as possible and making the world a better place in the process.
