The past few years have been tough for the average consumer. According to the Bureau of Labor Statistics, consumer prices have increased 3%, 5% and 6% over the past three years. The consumer sector is also not the only sector affected.
Just look at the world of enterprise technology, for example. In November 2022 – when the consumer price index was busy setting records of the worst possible kind – business technology prices were quietly rising at a rate four times that of overall market inflation. What’s worse, this happened at a time when organizations were setting records for the average size of a SaaS portfolio. For a while, 1 in 8 dollars spent by modern organizations went directly to SaaS costs.
The gathering of economic storm clouds casts towering tech stacks in a new light
That is, until some sudden economic headwinds caused the corporate powers to question their sky-high tech stacks (and the eye-watering costs that come with them). And so today we find ourselves in a period of “stack streamlining” – or, for those who view the situation with a little more vitriol, “trimming the tech fat.”
Whatever you call it, it’s a wise move for most companies to take a critical look at their SaaS spend. However, it’s important to remember that not all SaaS solutions are built equal. While some tools undoubtedly fall into the fluff category, others are downright indispensable. Unfortunately, it is not always clear which applications fall into which categories.
Therefore, in this article we will look at some tips for conducting a measured, effective technical audit; and also make clear why almost anything in cybersecurity should be considered absolutely last on the list of expendable enterprise apps in today’s rapidly evolving cyber threat landscape.
As the consumer price index cools, technology costs for businesses continue to rise
In 2022, when enterprise technology prices were busy blowing overall consumer inflation out of the water, the world’s eternal optimists were probably assuring their peers that this would be a flash in the pan. However, over the subsequent twelve-month period ending November 2024, almost two-thirds (73%) of all SaaS vendors increased their prices even further, with an average year-on-year increase of over 12%. Worse, more than a few suppliers made these double-digit price increases look like modest adjustments. For example, Webflow has increased the price of their flagship software by a whopping 23% in 2023 alone.
While SaaS prices continued to outpace overall market inflation by more than 200%, the size of the average enterprise SaaS portfolio reached an all-time high of more than 370 applications. However, this high point for enterprise SaaS adoption was short-lived.
Executives are questioning the bloated technology stacks in the enterprise
As you’ve probably already imagined, it didn’t take long for the average business decision maker to take a hard look at SaaS costs (along with virtually every other source of capital expenditure) – and they didn’t exactly like what they saw.
Just as SaaS portfolios were reaching an all-time high in size, another study from the same period found that less than half (44%) of companies’ SaaS applications were actually used regularly by employees. At the same time, research found that US IT departments wasted approximately $85 billion per year on poor technology. Partly as a result of these types of revelations (along with other internal and external forces), the average SaaS portfolio size had suddenly fallen by more than 10% year over year by the end of 2023.
If your company is considering tightening its purse strings, be careful not to sacrifice its security posture
In case you missed it, the past few years have brought about some profound changes in the world of cybersecurity. With the massive increase in advanced phishing attacks – such as business email compromise (BEC), spear phishing and advanced social engineering – along with the advent of generative AI, deepfakes and a slew of other advanced threats, CISOs and their teams are feeling the heat , to say the least.
In Splunk’s 2024 State of Security research report, when asked what types of cyber attacks are most concerning, “AI-powered attacks” topped the list as the most fearsome type of attack. In the same report, 32% of respondents were most concerned about attackers using generative AI to optimize existing attacks, such as crafting more realistic phishing emails or refining malicious scripts. Another frequently cited concern is the possibility that less skilled, opportunistic hackers will exploit generative AI to achieve a significant increase in social engineering attacks. This adds to the 28% of respondents who worry that generative AI will help adversaries increase the number of existing attacks.
While I would argue that now is not the time to skimp on any form of cybersecurity, the fact is that email is still the biggest threat vector, contributing to over 96% of all breaches today, if Even one piece of your security architecture should be prioritized, it should be protecting your employees’ inboxes, and security professionals are increasingly finding that the only way to effectively combat these new AI-enabled threats is to use to make use of the adaptive intelligence of AI itself.
Whether budgets decline or stagnate, security positions will be at risk
As companies try to assess the value of different tools in their technology stacks, you’ll inevitably hear calls for compromises in the form of budget freezes – that is, instead of cutting budgets, simply freezing the current state of one’s stack to avoid any issues to prevent. further cost increases.
While this may sound reasonable at first glance, not every part of your stack can be frozen in time. And that certainly applies in the field of cybersecurity. As we’ve mentioned before, the modern threat landscape is changing at a rapid pace, with new, much more sophisticated (and often AI-enabled) attack types being discovered every day. In such an environment, simply sticking with old security solutions – such as secure email gateways (SEGs) – is often just as problematic as actively cutting corners; because these types of tools are fundamentally inadequate to defend against today’s AI-powered cyber threats.
Ultimately, the future of cybersecurity will be a battle between offensive and defensive applications of AI. And as of today, most security professionals are divided over which side of the battlefield will emerge victorious. In Splunk’s aforementioned State of Security Report, only 43% of respondents believed AI would most benefit defensive capabilities, while 45% believed adversaries would achieve victory with AI. This is an encouraging increase from just eight months ago, when a similar report found that only 17% of respondents thought AI would favor defenders.
Brace Yourself, CISOs: Cost Cuts, Complacency Join AI on the Rapidly Growing List of Existential Threats to Organizational Cybersecurity
In 2020 and 2021 – just as remote work, endless Zoom meetings and using sketchy public Wi-Fi networks at your local Starbucks became facts of life – private sector business leaders recognized the very real and immediate need for more investment in the field of cybersecurity.
And so, for two triumphant years, double-digit budget increases became the norm in cybersecurity. But not for long. According to research by IANS and Artico, the average increase in cybersecurity budget had fallen to just 6% by 2023. And yet, for a significant percentage of organizations, things were even worse. In the same survey, more than a third (37%) of survey respondents said their organizations’ cybersecurity budgets remained the same or were reduced in fiscal year 2023.
While we’ve certainly seen budgets tightening lately, most analysts today predict that technology budgets will actually continue to grow – rather than shrink – over the next 12 to 24 months, albeit at a slower pace than we’ve ever seen. done. seen in the past.
Perhaps most importantly, cuts and freezes will not be introduced uniformly across all activities. Therefore, as cost-saving initiatives become increasingly popular, it is up to the cybersecurity community to convince leaders that their budgets simply cannot be cut – and that leading vectors like email must be strengthened at all costs.
And for those not well-versed in the art of internal advocacy, hopefully this article gives you a good starting point.
We have listed the most secure email providers.
This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we profile the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of Ny BreakingPro or Future plc. If you are interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro