Businesses must prioritise cybersecurity as part of their risk management processes – don’t risk your business by leaving it as an afterthought.
With ever more of our personal and professional lives inhabiting the digital world, the need to protect the ways in which we shop, communicate, share and operate has never been more crucial.
According to the World Economic Forum, up to 70% of new value created in the economy over the next decade will be based on digitally-enabled platform business models.
Consumer and personal data is also being stored in increasingly vast quantities, with the number of IoT connected devices expected to soar to 43 billion in the next two years.
This rocketing online growth is expected across all industries, geographies, and for businesses of all sizes – from giant enterprise corporations to the small and medium sized business verticals that power most economies.
Yet, for too many organisations, protecting this vital conduit for business remains an afterthought.
Even following the shockwave of the Covid-19 pandemic – and the resulting acceleration of the pivot to digital – 40% of UK SMBs say they haven’t invested more in cyber defence.
Where they had invested, it was in basic technology like virus guards and first-generation firewalls.
In today’s data-driven, hyper-connected digital world, this simply isn’t enough.
Cybersecurity defence, in 2021, is really about both risk management and business continuity.
To put it bluntly, it’s about whether your business survives in the aftermath of a cyber attack – or whether, like thousands of companies each year, you fold.
The warnings are severe because the statistics are frightening. Every day, there are around 65,000 attacks on UK SMBs, of which around 4,500 are successful.
Cybercrime has soared to record levels in 2021. The Head of GCHQ made a rare statement in October to warn that ransomware attacks have doubled in just 12 months.
And then there is the growing cost of a data breach. UK organisations now face an average cost of £3.36million, a rise of 8% from 2020 and above the global average.
A rapid shift to remote working – and the security risks that can snowball from this – has also sent cybercrime risks and costs soaring.
Amid all this, UK SMBs are also experiencing ransomware attacks, mostly for the first time, as many larger enterprises get better at protecting themselves. A recent survey of 500 business leaders found that nearly a quarter of UK SMBs – equivalent to 1.3 million companies – would likely go bust if forced to deal with the cost of an average cyber attack.
These days, companies must face down phishing scams, malware attacks, Distributed Denial of Service (DDoS) attacks and, increasingly, Business Email Compromise scams that frequently target executives and result in wire transfer fraud.
Then there are cloud-based endpoint vulnerabilities, and a growing awareness of the impact of third party and supply chain attacks.
So, when it comes to effective cyber defence, there are three key components an organisation needs to consider: Technology, people and planning.
Technology – This is first and foremost about accepting the need to spend on cybersecurity tools. With growing amounts of business – from e-commerce transactions to sales funnels to holding customer data – coming via digital channels, the need for companies to invest in their cybersecurity posture to protect those revenue channels is increasingly important.
Failure to do so can be catastrophic – a single data breach, for example, could cost a business its entire reputation – and with that reputation loss goes the appetite for customers to trade with it.
One report showed 33% of UK organisations lost customers after a data breach. And 44% of UK consumers claimed they would stop spending with a business for several months following a breach.
In 2021, every organisation must ask itself: how much of my business, and by extension, how much of my customers’ information, is accessible over applications and networks?
There are a few areas of cybersecurity to consider:
Network Security – organisations must ensure cyber criminals cannot access internal networks, by protecting network infrastructure and preventing unauthorised access. New techniques include machine learning to highlight abnormal traffic, as well as application security methods such as antivirus programs. Simple protections such as using new passwords are also effective.
Application Security – uses hardware and software to combat threats, particularly in the development stage of the application. Types include firewalls and encryption programs.
Cloud Security – with 90% of UK companies now adopting cloud computing in at least some aspects of their business, security providers are constantly creating new tools to protect clients’ data. Security measures to consider include ensuring your cloud storage provider runs its own data centre.
IoT Security – with everything from wifi routers to televisions and printers now connected, if your business uses or supplies IoT products it is vital to implement defence strategies before they are shipped or used. IoT devices are often inherently vulnerable and offer little to no security patching.
Critical Infrastructure Security – organisations with any responsibility for critical infrastructure, from shopping centres to ports, should perform high levels of due diligence when it comes to cybersecurity. And companies who are not responsible for critical infrastructure – yet whose business relies on it – should develop cybersecurity contingency plans.
One of the ways to ensure cybersecurity concerns are properly addressed is to use experts to handle this for you. Even for SMBs, bringing in a cybersecurity firm – or managed service partner – is a cost-effective way of handling cyber issues. Outsourced security teams will keep you up-to-date and protected against the latest threats.
That brings us onto people.
Cybersecurity may sound like it’s about technology stopping technology – but really it’s about people. Cyber professionals are at the heart of this industry, because it’s their programming, creativity, insights and monitoring skills that keep the technology working.
As cybersecurity becomes a brand-protection imperative, bringing in a CISO to tie cybersecurity to business agendas, modernise security architecture and implement IT hygiene is increasingly important.
Security architects – who can design IT security infrastructure and educate staff on cyber policies – and security analysts – who monitor systems and create plans to prevent cyber attacks – are among other vital human components of a company’s security protection.
And then there is training. No other measure impacts IT security as much as regularly training staff on matters such as the need to avoid phishing emails, password sharing and the use of their own devices for work.
The final cybersecurity component to consider involves planning.
Too many organisations – where they do invest properly in cybersecurity – only plan for pre-attack. But equally importantly, businesses need to plan for post-attack. Just a little bit of time spent now, putting together a plan for dealing with the aftermath of an attack, could be what saves your business.
For example, every organisation should have a plan in place for dealing with a data breach. Which authorities do you contact, how do you tell customers, which experts will you need to bring in to restore systems and how do you protect your crown jewels – the elements of your online business that you simply can’t do without?
Measures such as having well-backed-up duplicate systems in place, cloud security, and effective cyber-insurance are imperative.
Ultimately, in the same way a business will protect its physical stores – by using security guards, secure transactional tools and having fire alarms, for example – it needs to employ the same diligence with the threat of cybercrime.
Cybercriminals are not necessarily targeting your business. Instead they are operating a scattergun approach, probing for weaknesses in any SMB’s defences. But if they find that weakness in your operations, they will – sooner or later – exploit it – and in doing so, threaten your very future.
So make cybersecurity a priority and ensure you are fully protected against one of the world’s biggest – and growing – threats.