Businesses must take a holistic approach towards cybersecurity to counter the increasing cyber risks. This includes people, process, and technology. COVID-19 has made a significant impact on the way businesses work and how they use technology over the past two years. We’re not done yet.
As companies transition to new business models and a hybrid working environment, expect even more disruption, transformation, and opportunity over the next few years. The constant will be the ever-present rise in cybersecurity threats. Even those that adapt will continue to look for new ways of causing damage. According to Greg Jones (EMEA director at Datto), managed services providers cannot afford to be complacent when it comes cybersecurity.
“We have so many new opportunities, but it comes with great risks. According to the latest data, we are seeing a 400%-600% increase in cybercrime since the outbreak of the pandemic. It’s at a stage where it’s really affecting business as a whole,” Jones stated in a keynote session at the CompTIA UKI Business Technology Community meeting.
Protecting employees anywhere becomes a priority
A permanent hybrid work environment or remote-work environment for many employees can compound the cyber risk faced by most companies. More workers can access data from anywhere, which opens up more opportunities for bad actors to get into the corporate network.
“About 74% of companies will continue operate in hybrid working environment because they’re more profitable/productive than ever before,” said Jones. “And many of these businesses are the ones that have resisted tech solutions that the MSP community recommended long before COVID-19.”
Jones pointed out that cybercrime is now more damaging than “real-world crime” in terms of its impact on businesses, and that 60% of small businesses that are affected by a cyberattack have to close their doors.
“Crime in real life evolved over thousands of years. What, 30-40 years? He said that cybercrime is on the rise and will soon overtake real-world crimes.
According to Jones, cyber spending worldwide is expected to rise from PS156 billion in 2020, to PS352 trillion by 2026. SMB/SME businesses will see an increase of PS40 billion this year.
Three Pillars of Cyber Resilience
Cyber resilience includes monitoring, security, and business continuity/disaster relief technology. Jones says that a successful strategy for cyber resilience must be holistic and include people, process, and technology.
“There will be vendors who will try and get you to lead using technology. Do not lead with technology. Jones stated that although it might sound odd coming from a vendor this is the best way for a leader to be.” “Start with people, and then move on to the process. Your business should be able to develop people. Are they able to develop their skills, education and knowledge? Lack of training is the greatest risk for organizations. Then, you can pass that knowledge on to your customers. Once you have people and a process in place then you can start to look at technology. Customers should not be focusing on technology or tools when discussing cybersecurity.
CompTIA’s Cybersecurity Advisory Council created A CEO’s Guide for Addressing Cybersecurity Concerns as a great resource to share with customers and encourage continued conversation.
Jones said that now is the time to take action on your cyber resilience. Waiting will only lead to trouble.
“These criminal organizations are incredible businesses, even though it hurts me to say it. They are agile, operate in multiple locations, and they are bilingual. Although it may sound absurd, they are very proud of the customer service they provide to their customers. For example, they will help you pay ransomware in Bitcoin.
Cybersecurity isn’t easy, but you’re not the only one.
Cyber resilience is not only a challenge for MSPs. Jones stated that even the largest tech vendors find it difficult. Working together can help reduce these concerns–vendors and MSPs, small businesses, and supply chain companies.
“We can only work together to counter the threat actors. Cyber resilience is not a panacea. Nobody has all the tools or the magic bullet. Every MSP should contribute time to cyber resilience. He said that many businesses don’t see it as too difficult.
Jones says that the NIST Cybersecurity Framework, which is provided by the National Institute of Standards and Technology, aligns well with MSPs and SMBs and is a great starting point to work towards cyber resilience. Jones emphasizes the importance of starting.
“Resilience is a never-ending circle because it’s not something that you can achieve and say, “We’re now cyber resilient.”
