The Importance of Your Cybersecurity Plan in a Recession

Recent layoffs have left hundreds of thousands of employees from the tech industry and elsewhere out of a job. But the prevalence of cyber attacks isn’t determined by the state of the economy. In fact, as people within an organization are moved around or terminated, that can open an organization up for vulnerabilities in multiple areas.

Purplesec, a cybersecurity firm, pointed out that security breaches on “enterprise organizations” have increased nearly 30 percent, and over 50% of cyber attacks are done on small and mid-sized businesses. Where other areas of business may be susceptible to rescaling or downsizing, your cybersecurity plan—including awareness training, physical systems, and more—should not be left vulnerable.

The increase of cyber attacks creates the need for cybersecurity professionals across a diverse set of specialties. “Whether it’s security awareness training, risk identification and management, or the more technical aspects of cybersecurity,” Mark Gibaldi, chief information security officer at Insight Global, says, cybersecurity should be a continued investment no matter the situation.

Those who commit cyber crime are becoming more “creative,” Gibaldi says, and your people—both cybersecurity professionals and general employees—are the most valuable tool to preventing cyber attacks on a business.

Cybersecurity Training and Cyber Risk Are Top Priorities

Proper cybersecurity plans are necessary whether people are laid off, get moved around your company, or hiring practices remain the same.

“There is a lot of identity related information that is changing about an individual” in these scenarios, Gibaldi says. “Do they work at my company, yes or no? What role do they have, and what permissions should they have? When they move from Role A to Role B, have you properly taken away permissions they no longer need, or are they snowballing?”

Some things that need to be considered with regards to employees and cybersecurity are:

• What permissions do employees have to access systems?
• What data have employees collected on their professional or personal devices?
• How can you make sure this data is secured as people move within and out of your company?
• How do you make sure data isn’t left vulnerable to be the target of cyber crime?

Overall, there is a large human element to cybersecurity. People naturally become vulnerable when it comes to job security. Transparency about your recession plans is key here. So is training employees on what to look for with regards to cyber attacks, as is making sure you have systems in place to flag when something may be wrong.

“Security awareness training is one of the most powerful tools we have,” Gibaldi says. A 2023 report revealed that security awareness training can reduce an organization’s risk by between 45% and 70%. Proper training can reduce employees’ defenselessness to phishing by up to 80%, too. Continued investment and training in this area can help keep an organization secure in the long-term. This is just one of many steps you can take in an overall checklist to protect your organization.

Your Cybersecurity Plan is a Group Effort

Cybersecurity doesn’t look like “me and my team working in a closet somewhere in isolation,” Gibaldi said. There is a whole team effort in making sure an organization is secure from cyber attacks.

Some other departments that might be included in cybersecurity plans include:

• Human resources: inform cybersecurity teams of promotions, terminations, lateral movements, new hires, and more. They also help facilitate security onboardings and trainings.
• Legal: help inform cybersecurity teams of new laws regarding privacy and security, and help interpret and implement these laws.
• IT and application development: build and implement systems that help protect an organization’s internal and external digital assets.
• Property management: facilitate proper security measures that include physical access to buildings (key cards/fobs, security systems, etc.)

Gibaldi noted that “it’s possible that cuts in those areas can impact your ability to be secure or digest new regulations.”

Upskill or Reskill into Cybersecurity

Currently, the cybersecurity job market is robust for candidates. There are more job positions than there are candidates to fill them. While this is great for job seekers, that can make it tough on some existing cybersecurity teams. They can be understaffed or need to take on the responsibilities of roles that aren’t filled yet.

An option to assist and staff cybersecurity teams is to reskill or upskill current employees. This requires intentional opportunity and investment. (It’s also a great step in recruiting cybersecurity talent in the first place.)

For instance, you may have help desk or service desk employees who have exposure to IT technologies and issues. Gibaldi says that’s a good basis for someone becoming an entry-level cybersecurity analyst. While the employee would need specific cybersecurity training (like a Security+ certification), this can be an effective way to reskill or upskill employs to areas of need. This practice is vital during an economic downturn, where you people are your most important asset.

There are also people within HR and training departments who can be reskilled to assist with security awareness training (developing or instituting teachings) or cyber risk reviews (monitoring BitSight scores for internal and external vendors, helping with risk assessments, etc.).

Whether it’s through an entry-level analyst role or training position, these are great ways to invest in employees, who can enter the cybersecurity world with present skills, and to fill areas of need within the company. Once in the field, growth in the current job market can include “pretty rapid advancement,” Gibaldi says.

---

If the United States is in a recession or it isn’t, cybersecurity and the support from surrounding teams is vital to protecting your organization from risk and attacks. Investing in your people and overall cybersecurity plan can only help.