Practical ways to maximise cyber security in lean times
Practical ways to maximise cyber security in lean times
Keeping up with cyber threats has become a constant challenge for organisations. As attacks grow more sophisticated, controls and governance must continually be strengthened to reduce risk and keep systems and data safe.
Yet, with persistent fiscal pressures, executives are often asked to hold or reduce spending while maintaining the same level of protection. With fixed or increasing contract costs and competition in retaining skilled talent, this presents a significant challenge to security executives and senior leaders.
The good news? In times of budget drought, maximising the value of what you already have is an option that can deliver immediate benefit often without significant cost.
Why existing cyber security controls can fall short
Cyber security products are often deployed with the best intentions, but common issues often limit their effectiveness, including:
- Projects running out of budget, enabling only partial functionality
- Key technical experts leaving, creating skill gaps and unfinished enablement or delivery
- Fear of outages results in controls remaining in monitoring mode, rather than blocking or hybrid
- And perhaps most critical: limited capacity and stretched teams.
Despite organisations investing millions to meet audit and compliance objectives, data breaches and ransomware attacks continue to expose gaps in controls and security defences.
Demonstrating maximum value from current investments can build credibility with board and executives, helps align with business priorities, and continues to strengthen security posture even in tough times.
Five practical steps to maximise your current cyber strategy
Key areas in your cyber strategy to review for immediate uplift:
- Tighten access and identity controls
A new platform may be ideal but start simple by reviewing tools such as Microsoft Active Directory for last login dates. You’ll often find dormant accounts, unused privileged credentials, contractors who never started and even old pen test accounts. These are quick wins for reducing cyber risk. - Strengthen your existing security settings
Free resources such as the Australian Cyber Security Centre’s (ACSC) cyber security guidelines or Centre for Internet Security (CIS) hardening guides or benchmarks provide step-by-step instructions demonstrating how to secure assets to close exposures. They’re practical, detailed, regularly updated and free to access. - Unlock new and existing features
Vendors frequently add new capabilities to products you already own. A quick settings review, or a free vendor health check, can uncover features that boost return on investment (ROI) without extra spend. - Activate purchased but idle products
While organisations often use products such as Microsoft 365 E5 or A5 to access Microsoft Defender Antivirus, the wider tools often remain unused. Enabling all licenced products (for example Microsoft Purview) can strengthen guardrails and support initiatives like Artificial Intelligence (AI) governance. - Leverage service credits and free vendor services
Many vendor contracts include credits for cyber health checks or service optimisation. Make sure to ask vendors how to maximise these services or credits. A well-functioning product is always less likely to be replaced and provides greater benefit to the organisation.
How BDO can help
In times of economic uncertainty, looking inward is a practical first step. By optimising existing investments, cyber security teams can:
- Improve posture without major spend
- Build board and senior leadership confidence
- Keep cyber attacks at bay.
If this resonates, but you’re unsure where to begin, BDO’s cyber security experts can help identify quick wins and longer-term improvements to keep your organisation safe. Contact our digital team to find out more.
