Saturday, July 20, 2024

How Cost Cutting on Cybersecurity Presents an Opportunity for Hackers

Amidst the impact of the COVID-19 pandemic, executives of most organizations are looking at ways to cut expenses across their businesses to manage the financial pressure.

This includes cutting costs and canceling or deferring planned investments. Of those planned investments, the cybersecurity budget is the first thing most executives target to meet cost-cutting goals or save money.

New research from Barracuda Networks states that 41% of businesses across the world have cut their security budgets due to the economic crisis of the COVID-19 epidemic.

“Many IT leaders are accustomed to cutting costs in areas that don’t have a return on investment. Cybersecurity is many times a victim of budget cuts due to the inability of leaders to prove the ROI, which is not seen unless an incident occurs.” - Michael Hoyt, Life Cycle Engineering, Inc.

However, such cost-cutting on cybersecurity and application security leads to serious concerns down the line, especially when an organization gets attacked.

Do you see what we see?

  • Thousands of business decision-makers in a recent survey illustrated the serious consequences the pandemic could have on businesses’ ability to combat cyber threats as hackers target remote workers and infrastructure.
  • 51% of participants said they’ve noticed an increase in email phishing attacks.

Amid rising security threats, if you are skimping on a cyber budget, you are leaving your business exposed to incidents, which could cost you millions.

Still tempted to cut cyber expenses? Let us highlight the common areas where costs get cut and how each presents an opportunity for hackers.

1. Not Serious About Regular Cybersecurity Training

Employers are relaxing their attentiveness in cybersecurity awareness training and hackers are taking advantage of it. Criminals give more priority to human vulnerabilities than software weaknesses. They are adept at manipulating employees’ natural curiosity, time constraints, and longing to be helpful to persuade them to click malicious links.

KnowBe4 revealed that 38% of the untrained workforce fails phishing tests – it is not difficult to trick the unsuspecting, untrained eye.

Most social engineering and ransomware attacks originate from internal employees clicking on a malicious phishing email, giving attackers access to the system, and sharing their login information.

Wakeup call: While it may appear unnecessary to train the workforce about avoiding cyber threats, it could protect your company from immense loss.

2. Not Investing in Proper Security Software

Most businesses understand they need online protection but aren’t aware of how much. This is where their choice of security software makes a difference.

Some IT executives tend to download unauthorized, unsecured free software, even for security monitoring, with the intention of not impacting the IT budget. However, free or less expensive security software makes up the cost somewhere else. Less expensive software often comes with unpatched weaknesses. Trusting this kind of software to protect valuable data helps hackers find easy targets.

Wakeup call: To combat the infinite number of security risks, it is important to choose the security software wisely. The product should have an inbuilt anti-exploitation defense and perform continuous vulnerability testing and frequent code audits.

3. Saving Money by Not Upgrading Software

An unvaccinated individual can spread a virus to the entire society. Much in the same way, unprotected software can remain a threat to your entire business. Hackers often target known vulnerabilities to capture a system – over half of the vulnerabilities exploited by hackers are more than a year old or over 5 years old, showing how failure to update software is leaving your system vulnerable to malicious compromise.

Wakeup call: If you want to save by using outdated software and OS, you’re creating an easy entry point for attackers, and your risk of being attacked by cybercriminals skyrockets. By simply updating software on time, you can cut the risks significantly.

4. Choosing a Less Expensive Security Service Partner

If you do not consider critical factors other than budget when choosing a managed security service provider, you may end up with one that offers ineffective services and products that, down the line, are costlier to manage.

Moreover, threat actors are aware that compromising a single MSP is enough to gain access to its thousands of customers.

Recently, hackers have targeted MSSPs to then exploit their clients’ systems. In most of those incidents, the attackers exploited vulnerabilities in the remote access tools that MSSPs employ to gain access to their clients’ systems. The Operation Cloud Hopper campaign of the China-based APT10 threat group is an example.

Wakeup call: Many risks can be avoided by wisely choosing the security service provider. Try to understand the technology platform they use, how they keep their expertise current, how they offer round-the-clock security service, and how they handle the latest risks.

5. Neglecting BYOD Vulnerabilities

Having a BYOD policy in place works well for both employees, who can exercise more control over their devices, and businesses, which can save money on buying employee devices. However, this practice can pose several security risks to your business if employees are not handling their devices correctly. Also, employees may connect their devices to unsecured public Wi-Fi networks, making your system more vulnerable to hackers. Hackers could deploy man-in-the-middle or packet sniffing techniques to intercept critical data including passwords and customer details.

Wakeup call: Though BYOD seems like a short-term gain, in the long term it is a pain. BYOD will push up IT costs as the IT team has less control over the gadgets used by employees.


Of course, budgeting can be a hectic task. This is even more true if you are tasked with saving money, adopting new technology, and improving efficiency in a period of global crisis. However, remember that successful security attacks can be expensive for your business, and the damage goes beyond financial losses. As such, by cutting costs on cybersecurity expenses, you are not doing your business any favors.

As your organization’s digital footprint grows prominent, subscribe to cutting-edge cybersecurity services like Indusface security service to secure your business and concentrate on boosting your profitability stress-free.


Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
