Today, cyber attackers are always looking for ways to make their attacks, scams and campaigns as effective as possible. This includes exploiting whatever occupies the news agenda and the minds of victims.

Economic uncertainty and cybersecurity risks

The current economic uncertainty and cost of living pressures facing many consumers around the world is one example. Unfortunately, the pressure, fear, and concern felt by the public is a perfect time for cybercriminals to take advantage.

For example, in just two weeks, 1,567 phishing email campaigns related to energy rebate scams were reported through Action Fraud's Suspicious Email Reporting Service (SERS). Additionally, "friend and family scams" have increased by 58 per cent in recent months, according to TSB data. "Friends and relatives scams" refer to scammers posing as family members and tricking relatives into sending money to pay bills.

Risk from within the business

While these scams primarily target individuals, the organizations they work for can also be at risk. Extreme pressure (or coercion) increases the chances of an individual becoming an insider threat - stealing data, funds or other sensitive information from an employer. Not to mention threats from scammers posing as leaders or managers and making fake transfer requests. Everything can be the trigger for a potential incident - disgruntled ex-employees, unused accounts with full administrative privileges, misconfigured cloud storage exposing data, etc.

A downturn and uncertainty will cause many agencies to re-examine their spending and make cuts. It's a natural reaction.

The challenge with cybersecurity is that successful cybersecurity programs are often intangible. They work quietly behind the scenes, preventing threats and incidents from escalating before they get noticed by the rest of the organization. If leaders have not experienced the cybersecurity crisis firsthand, they may try to reduce their investment in existing tools and talent. But there's a fine line -- cutting off vital controls and capabilities affects an organization's ability to observe, sense, and react before an event escalates. Hacking is usually devastating for a company, but one that occurs during this period can be even more devastating.

Eliminate bloat, not power

Meanwhile, the cybersecurity market has historically been dominated by specialized point products. Companies can accumulate a wide variety of tools and solutions to manage their IT infrastructure and cybersecurity. The shift to cloud computing and remote work has driven a 19 percent increase in the average number of security tools organizations have to manage over the past two years, from 64 to 76, Panaseer's research shows. That doesn't even take into account the wider range of IT assets, from cloud services and software to workstations, personal mobile devices, users, and more.

Depending on the size of the company, various departments may use overlapping tools to try to solve the same problems. With so many separate solutions and software, it's not surprising that security teams can feel overwhelmed and unable to track and respond to incidents.

Excessive alerts and warnings create fatigue and make it difficult to distinguish between real threats and false alerts, adding to the challenge. Manually compiling an asset inventory of everything an organization might use takes an average of 86 man-hours, using 8 different tools. When the checklist is complete, the results are often out of date.

Effective cybersecurity detection and response is only possible when IT teams know what they are dealing with and how users and data interact. They need continuous, accurate and up-to-date information to mitigate threats, avoid risks and eliminate incidents.

In times of rising costs and falling profits, improving efficiency and cutting budgets are smart responses, but cybercriminals never rest. Businesses must eliminate bloat while limiting their own cybersecurity capabilities, or leaders may find themselves paying much more.