
8 things to consider amid cybersecurity vendor layoffs

by flyytech
December 1, 2022


2022 has been a heavy year for layoffs in the technology sector. Whether due to budget restraints, mergers and acquisitions, streamlining, or economic reasons, TrueUp’s tech layoff tracker has recorded over 1000 rounds of layoffs at tech companies globally so far, affecting more than 182,000 people. Some of the biggest tech companies in the world have announced significant staff cuts, including Amazon, Twitter, Meta, and Salesforce. Although perhaps less severely affected, cybersecurity vendors haven’t been immune. Popular security firms including Snyk, Malwarebytes, Tripwire, Cybereason, and Lacework have made notable workforce cuts this year, albeit for varying reasons from shifting business strategies to increasing cash runway.

In total, 34 security firms have announced layoffs or workforce restructuring since the start of 2022, according to layoff tracking site Layoffs.FYI. Most cited as driving forces behind cuts were a tightening market and the need to protect business longevity. While there’s little evidence to suggest 2023 will see wide-sweeping cybersecurity vendor workforce cuts of unprecedented scale in a tech sector that is faring relatively well, increasingly uncertain economic times mean that nothing is off the table. Momentum Cyber’s Cybersecurity Market Review Q3 2022 found that cybersecurity stock prices decreased 7.2% during Q3 2022, underperforming the NASDAQ at -5.0% and the S&P 500 at -6.3%. Meanwhile, the 2023 State of IT Report found that 83% of companies are concerned about a recession in 2023, with 50% planning to take precautionary measures to prepare for an economic slowdown that could see a significant portion hunker down on cybersecurity purchases and services, the report stated.

These are not monumental shifts or predictions, but they do reflect the ambiguous economic situation. They are also the types of trends that can cause cybersecurity businesses to assess and adapt their strategic positions which, as 2022 has shown, can involve staffing cuts. Reasoning aside, cybersecurity vendor layoffs raise several issues for CISOs and customers, not least security and risk-related factors. If you find yourself in the position where your cybersecurity vendor has announced cuts, here are 8 things to consider to put yourself and your business in the best position to weather the potential storm:

Can vendors provide the same level of support, communication?

First and foremost is the concern that security vendor cuts could impact a vendor’s ability to provide the same level of service support, Frank Dickson, group VP for IDC’s security and trust research practice, tells CSO. “Support is really underappreciated. When we do surveys of people who like their vendors, support always comes out as the most important feature, and it’s a huge differentiator. Does that support change? Is your field service engineer, the person that you worked with, going to change? What about new cloud configuration, scalability, those kinds of things?”

Netskope CISO EMEA Neil Thacker agrees. “When a security vendor announces significant layoffs, customers should be most concerned about reduced engagement and communication,” he tells CSO. “Security vendors and customers should have an open and clear channel of communication to discuss any issues, challenges, and new requirements. If the ability to engage and communicate with a security vendor becomes difficult, it’s a clear sign that the layoffs have affected the organization in problematic ways.”

CISOs should talk with their account managers or even senior leadership about how a vendor is managing layoffs, adds Ed Skoudis, president of SANS Technology Institute. “Businesses should be asking vendors a number of key questions: What are they doing to protect their portion of the supply chain? How can we be sure they don’t take their eye off the ball, but continue to protect us?” Honesty and transparency are vital, and amid challenging times, clear and decisive messaging from your vendor should reassure you that they’re positioned to support your business needs despite layoffs, he says.

Where are vendor cuts being made?

Next to consider is precisely where cuts are being made and if they’re tied directly to the security product or service that’s being offered, Forrester senior analyst Jess Burn tells CSO. “The personnel that are being let go might be redundant in the eyes of the leaders, but they might have played a pretty vital role in a security process or function that you actually depend on from that vendor. That means whoever is left is going to have more on their plates, and they’re going to be doing more with less.”

Layoffs of engineers and developers should be the most concerning for CISOs and security teams, Burn adds, describing them as the “canary in the coalmine” when it comes to spotting and fixing security threats. “Often, when we see some of these early layoffs, they impact recruitment or marketing staff, but that shouldn’t concern you really.”

However, if you’re looking on LinkedIn and seeing engineers or developers being laid off, that should give you pause for thought, Burn says. Dickson concurs, adding that sales or marketing cuts are unlikely to affect the ability to get security value from the vendor, but cuts to key service or engineering staff could well do just that. For Thacker, the biggest risks to customers would come from a reduction in DevSecOps staffing, “which would potentially bring about a reduction in security oversight, feature updates, and even impact upon the general availability of the service,” while Yuval Wollman, chief cyber officer and managing director of UST, thinks cuts to innovation and research staff could have a direct impact on a product’s efficiency and reliability as the threat landscape evolves and changes.

CISOs should therefore feel comfortable asking their vendors for details about where cuts are being made and how they relate to vital security functions – and vendors should be happy to provide such information. “A reduced security workforce will impact innovation. Your particular mix of vendors and service providers might be best of breed right now, but with staff stretched thinner, new innovations may slow down, allowing attackers to gain the upper hand as they continue to innovate their attack strategies,” warns Skoudis.

What is driving the vendor’s layoffs?

Another key factor to consider if your security vendor is laying off staff is what is driving the cuts, Dickson says. “The complexity we have is that some layoffs are not necessarily driven by a lack of revenue. Clearly, macroeconomic factors aren’t good, but you can’t necessarily take layoffs by a vendor as an indictment of their business model.”

There are numerous high-flying, almost “unicorn-type” security startups that identify a need, get funding, and all of a sudden get massive growth, Dickson adds. “The goal of this growth is to achieve some sort of IPO event, funding revenue growth with venture equity. As long as they are showing revenue growth and there’s a lot of venture funding available, they can do that. What happens when the economy goes south? Venture funding goes south.” If these types of vendors are then to produce revenue growth at the same rate without funding, they have to make revenue equal to expenses – i.e., continue to grow but keep cash flow neutral. “Sometimes you’ll see layoffs associated with that and it’s important you look at this equity and the layoffs at a vendor, asking whether it’s because they were funding revenue growth with venture capital, or if it’s an indictment of their business model. You must take each one on a case-by-case basis.”

You can also investigate whether the company is simply experiencing an exodus of staff who are moving voluntarily, often a sign of internal unrest, adds Wollman. “Speak to other people in the market, and demand clarity from your vendor on what’s happening.”

What security service does the vendor provide?

It’s also important to assess the security service your vendor provides amid staff layoffs, Dickson says. “If you’re talking about a vendor that just secures your on-premises infrastructure, that’s kind of a known commodity. We know what a firewall does. We know what a secure web gateway buys us – we’ve done this for 20 years now.”

This could make any layoff-impacted operations or services easier to augment or replace (if required). However, if the service is more complex, less practiced or provides protection against newer, less predictable threats such as those impacting AWS built-in Kubernetes, then risks could be more significant. This could also be particularly troubling if an MSSP is involved, Skoudis adds. “Their SOCs are usually run without a lot of extra people, and fewer eyes and brains analyzing events from your network could mean that particularly devious attackers will go unnoticed longer.” As for SaaS technology, reduced headcount could raise questions about whether bugs and vulnerabilities are being found, patched, and fixed to the same standard.

The best way to mitigate risks here is to be aware of what controls the security vendor provides, and who is responsible for what, Thacker says. “The shared responsibility model should be mapped for every critical security vendor, and a review of these controls should take place on a regular basis.”

Could security vendor layoffs create sabotage risks?

A disgruntled employee who just lost their job could retaliate against their employer or the customers, Skoudis warns. If not addressed, this could open businesses to notably heightened security risks. “They could build backdoors into systems, steal sensitive information for sale on the dark web, blind detection capabilities, or commit all kinds of other mischief in products and services. In some ways, the ultimate supply chain attack is when the insiders in an organization undermine their own product or service by backdooring it or otherwise sabotaging it.”

According to one study, 45% of employees save, download, or send company data outside of the network before they leave a role, says Wollman. “In the case of a disgruntled ex-employee, the process of saving or downloading data could look like intentional data leakage or destruction, but even if the parting is amicable, organizations need to think about files being deleted or damaged, or intellectual property being stolen or misused.”

CISOs should seek reassurance from vendors that they handle any layoffs sensitively and securely, and ask for proof of clear and effective off-boarding processes. “Software development integrity controls and code checking are super important in light of sabotage-related supply chain attacks, and during times of lay-offs, it’s particularly important for companies letting people go to really focus and do this carefully, lest they subject their customers to increased risk,” Skoudis says. Vendors could be asked to review and prove their own security posture during and after layoffs.

Could layoffs put a security vendor in breach of contract?

Security vendors have a responsibility to meet contractual obligations regarding the service they provide, and if staffing cuts hamper their ability to do so, a business could find itself involved in a legal dispute, Burn points out. “If they’re not able to prove that their solution is going to keep a company safe despite layoffs, then they could be in violation of the terms of a contract and subscription. So, you might have to get a little bit legal, and that’s where you might need to line up a replacement solution too.”

When should you consider switching security vendors?

Dickson advocates caution for those considering switching vendors, even if there are concerns about the immediate impacts of layoffs. “Don’t just think about today or even three months from now. Consider the vendor and where they will be in two years from now. Might you be in a better spot if you stay with a vendor? Are you in a better spot if you switch?”

Wollman advises considering the business impact of any vendor change. “Thoroughly investigate what it would look like to switch to a new product or vendor. Ask yourself: ‘What is the financial cost of a switch of vendor, or of losing this vendor if they go out of business? What will the operative impact be of both scenarios?’ Weigh up the situation from every angle before you make any final decisions.”

What’s the silver lining of security vendor layoffs?

Among the potentially troublesome issues security vendor layoffs raise, there are some theoretical upsides. “In some cases, layoffs may be a good sign of a security vendor who is streamlining and cutting inefficiencies, especially as we come out of a period of high growth, where companies may have onboarded new staff too quickly,” Wollman says.

Burn urges CISOs and businesses not to overlook the opportunity to benefit from staffing cuts, in that a vendor’s loss of skilled security people could be their gain. “You could recruit them. Security vendors have always recruited away from end-user organizations. Now there is an opportunity for CISOs, because there is still a massive staffing shortage.”

As a security leader, you could find yourself being able to staff up internally with people who have been laid off if they happen to be folks that are in engineering or some other security-type role, she adds. “There is an opportunity, in the racket, to come out on the right side out of this, because I know firms are still having a terrible time recruiting and retaining security talent, specifically because they’re in such high demand.”

Copyright © 2022 IDG Communications, Inc.


