TECH INTELLIGENCE: A better way

Sometimes it seems like business owners cannot get a break. Supply chains are still tangled, while inflation and rising interest rates continue to hammer away at profits. Companies are scouring the landscape seeking savings wherever they can, and cybersecurity spending – like other expenses – is being scrutinized. As part of the budgeting process at many organizations, the level of support staff is declining even as more layers of technology are added. With more operations being digitized, the challenge is how to trim IT and other costs without compromising security.

Doing this effectively can be a balancing act: reducing expenses while maintaining robust cyber defenses against continually evolving threats. The answer often means finding a better way to leverage existing cyber assets, and the process starts with a thorough review of an enterprise’s current system.

This was dramatically illustrated when a North Jersey municipality curtailed its cybersecurity activities as part of a broad-based effort to conserve funds and limit tax increases, only to find that the network was taken over by state-sponsored cybercriminals. eMazzanti Technologies was called in – along with the FBI and Homeland Security – and our professionals deployed mitigation efforts that included a global password reset; multifactor authentication, a process that requires a user to provide two or more independent verification factors to gain access to an application, online account or other systems; and other preventive measures. More than three years later, the municipality’s systems remained secure.

A “smart” approach is important. Businesses and other users are often tempted to rush out and purchase the latest security software, but it can be less expensive, and sometimes more effective, to ensure that existing cyber assets are properly configured. Experienced IT advisers know, for example, that even the best package will underperform if it is not set up properly or has not been updated with the latest releases.

The first stop is generally the software manufacturer’s website, which typically offers free “patches” or downloadable changes to a program designed to update, fix, or improve its security vulnerabilities, operational effectiveness, or other characteristics. Once that basic step is completed, a company can consider calling in a partner company – software firms often list partners on their website – to conduct a deep review that may uncover additional vulnerabilities or tweaks that will improve the system’s performance. Or a business may call in an outside managed IT services provider for either a targeted review or a comprehensive examination of the entire environment.

Similar to our experience with the New Jersey municipality, an end-to-end review may identify misconfigured software as well as security and efficiency features that have not been activated or are being underutilized. A cybersecurity consultant can also review scanning protocols, suggest scheduling and other changes, and determine whether a business’ devices have appropriate web content filtering and other protections. Additionally, a cybersecurity provider who carefully monitors their expenses will be able to offer competitive pricing to their clients, establishing a “win-win” situation for everyone involved.

It is important to keep in mind that bad actors are relentless, and companies that pull back on their cybersecurity efforts are likely to pay more – one way or the other – in the long run.

Carl Mazzanti is president of eMazzanti Technologies in Hoboken.