5 Ways to Recession-Proof Your Vulnerability Management Program

Sep 27, 2022
Kenna Security

Share with Your Network

Companies around the world are bracing for an impending recession, creating shaky market conditions and heightened financial fears. But as talks of layoffs and downsizing grows, security leaders are likely to be spared finding their teams on the chopping block. The last two years have established a new normal marked by unpredictability, driving the need for security resilience to help safeguard the entire business. And the demands of a hybrid workforce are placing more importance on the teams that can support a more fluid environment. 

Even so, post-pandemic cyberattacks and vulnerabilities continue to climb, especially when defenses are weakened or staff is thinned. Trends reveal that hackers like to piggy back on recessions when they believe companies might have fewer resources guarding entry points. So while there’s safety in priority, this dynamic is forcing business and security leaders to rethink their approach to vulnerability management, particularly in the face of a looming economic downturn.  

Want to recession-proof your vulnerability management program? Do these five things. 

To help kick start a vulnerability management overhaul, we’ve gathered five critical musts to adopt that will help see your team through the next recession (and any other threat the future throws your way).  

1) Align your teams and leadership around risk 

When everything is a threat, nothing is a threat. Especially given the sheer volume of CVEs bearing down on organizations right now. The industry is quickly evolving towards a risk-based approach to prioritization, focusing resources on the vulnerabilities that pose the greatest risk to each specific organization. Traditional approaches involved blanket strategies that cast too wide of a net around vulns that met a certain threshold (often, CVEs with a CVSS score of 7 or above). This leads to inflated and unachievable fix lists, and fails to consider a vuln’s dynamic nature or organizational context like asset importance or likelihood of exploitation.  

Assuming a risk-based prioritization mindset isn’t always easy and can meet with some resistance from people used to a “spray and pray” strategy. However, teams who based decisions on risk are shown to save time, money, and increase efficiency, benefits that even the least motivated can’t argue with.

2) Leverage existing security investments 

Environmental evolutions don’t always have to mean purchasing a whole suite of new technology. The right vendors offer open solutions that work with your existing investments, yielding even more value from your current tech stack. Leading risk-based vulnerability management solution providers think beyond their own tool and consider your entire ecosystem, offering a surplus of API options so you can better integrate your environment, eliminate data silos, increase visibility, and smooth out workflow inefficiencies.  

3) Unearth opportunities to automate 

Ensuring your vulnerability management program can endure leaner times means eliminating as many clunky, manual-intensive processes as possible. Workflows hampered by spreadsheets, prioritization guessing games, or time-consuming investigations could mean slow remediation and response times, leaving you more vulnerable than you want to be. Embracing automation can be a daunting prospect, but one that has the potential to pay dividends.  

Vulnerability management automation (when executed correctly) allows you to gain a faster, clearer understanding of your risk profile so you can make informed data-driven decisions with more confidence. 

4) Up your collaboration and communication 

One of the painful hallmarks of traditional vulnerability management is the ongoing friction that exists between IT and security teams, stemming from bloated fix lists, murky data, and unmet expectations. Assuming a risk-based approach to prioritization and vulnerability management helps provide a data-verified single source of truth, establishing shared marching orders, increased self-sufficiency and less back and forth. Boosting collaboration between remediation teams helps improve response times and save on finite resources.  

Clear and effective communication is another critical capability that can get stymied by outdated vulnerability management programs. Historically, security updates to company leadership or across departments were irregular and irrelevant, focusing on the number of vulns remediated or reminders to watch out for ransomware. Top performing teams now deliver timely, targeted progress reports framed around business risk, something that all leadership roles and stakeholders understand and appreciate. And healthy security hygiene training is ongoing, ensuring that as many workers as possible are up-to-speed on best practices and basic knowledge.   

5) Lean on machine learning to light the way 

Machine learning is seeping its way into our everyday and professional lives, so it’s no surprise that it’s driving the future of vulnerability management. Supervised machine learning helps create highly calibrated exploit prediction models based on multiple threat feeds, organizational context, asset importance, and real-time exploit activity.  

Teams can dial into the next big threat before it becomes a problem and understand just the right number of resources needed to respond. Leading risk-based vulnerability management vendors have data science techniques so finely tuned they can predict the weaponization of a vulnerability with 94% accuracy.  

Playing the cybersecurity catch-up game 

The unfortunate truth is that cybersecurity has been in a consistent reactive stance ever since hackers started bringing their a-game, so most organizations are trying to play catch-up. But the ongoing talent shortage combined with the impact of the Great Resignation, is forcing security leaders to get creative to fill knowledge and skillset gaps and increase vulnerability management efficiency and strength.  

Even though the cybersecurity landscape as a whole is lacking, there are a few innovators looking to gain ground and redefine what it means to be resilient. Thanks to enterprise management leaders like Cisco, teams are finally ridding themselves of their legacy systems and processes that hampered response times and visibility. Cisco is building an open, integrated solution that will lay the groundwork for security resilience for organizations around the world. By folding in Kenna Security technology, Cisco will deliver robust threat and vulnerability management capabilities driven by predictive analytics, advanced data science, unmatched threat intelligence, and intuitive prioritization.  

In this era of unpredictability, a potential recession is just the latest in a wave of upcoming change and unknown threats. You need to be able to navigate those challenges with confidence.  

Read the Latest Content


How the Great Resignation Is Weakening Security Defenses (and What To Do About It)

The Great Resignation is causing leaders to rethink their approach to cybersecurity, and take meaningful measures to secure their defenses.
Cybersecurity Best Practices

Why Severe Weather Events Act as a Welcome Sign for Hackers

With an uptick in the number of crippling natural disasters, attackers are striking when organizations are the most vulnerable.

5 Defenses Against Ransomware Attacks You Can Take Now 

Within the first four months of 2021, just six hacker groups had already extorted more than $45 million from 292 organizations.

© 2022 Kenna Security. All Rights Reserved. Privacy Policy.