For example, a FinOps developer determined that AuditBoard had overprovisioned servers at one of its cloud providers – additional servers that the company was paying to own and paid for us to secure. Marcus says having this position paid for itself quickly, noting that AuditBoard has seen a 10-fold return on investment.
7. Ask employees to become safety champions
Another way to reduce costs is to reduce the number of problems that require security attention.
To do that, Jimmy Sanders, president of ISSA International and until the beginning of 2024 head of security at Netflix DVD, advises CISOs to create a program of security champions.
The program involves employees throughout the business, and especially in IT, to receive specific security training that they can bring to their daily work and to their colleagues in the team, thus promoting a better security culture of the organization, he says.
This reduces security costs in several ways, Sanders said. Security professionals can help with basic security needs as part of their daily work, saving the security department time and increasing its efficiency as a result.
An improved security culture means that employees pay more attention to cyber risks and threats and, therefore, are less likely to fall victim to them; that reduces the number of incidents, eliminating response costs. Security champions are more likely to integrate security into business requirements, and to do so earlier in the work and project cycle, when injecting security requirements and security work is not only efficient but less expensive to do.
Source link