Posts

Cyber Security Will Change Companies

Security, Privacy, & ComplianceAt a recent security and risk management summit, Gartner shared their views of how cyber security will change companies.  While Gartner’s predictions focus on larger enterprise, several of their observations will likely hold true for small and midsize businesses (SMBs).

Here are some observations and our view of how they will impact small and midsize businesses.

Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70% of global GDP.

Privacy regulations will continue to expand as more nations pass legislation establishing privacy requirements.  Within the US, we expect more states to follow California, New York, and Massachusetts with varying levels of regulations. Along with the regulations come the potential for fines and increase civil litigation. In many of the statues, the protection is afforded the customer based on the customer’s location, not the location of the business.

For SMBs, establishing an maintaining a sound security footprint is essential.  Beyond the technology tools, businesses need to educate employees and have the policies and procedures in place. These policies and procedures should define expectations for employees and for how the business will respond to an incident.

By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE (Security service edge) platform.

Protecting access to systems is more challenging as the proliferation of usernames and passwords continue.  As the human element can be the greatest security challenge, Identity and Access Management (IAM) solutions will become the norm.

For SMBs, Single Sign-On (SSO), centralized identity/password vaults, and other tools are available and are, generally affordable.  Many SMBs current hesitate given the incremental cost per user per month. As the cost and risk of missing becomes greater, we expect SMBs will see value of Identity and Access Management solutions. These solutions will become the norm, not an add-on.

By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.

With increased concern and scrutiny from customers, consumers, and regulators, businesses are under increasing pressure to monitor and protect against third-party cyber security risks.  This trend will impact SMBs in two ways.

  1. Given the prevalent use of business email addresses as identities for third party applications and services, SMBs will monitor for reported breaches. Third party breaches give cyber criminals an attack vector.
  2. Larger enterprises will see businesses in their supply chains as potential security risks. They will increasing include cyber security requirement in vendor authorization process and in contracts.

SMBs need to be ready to meet the security and risk management demands — people, process, and technology — of their customers.

By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest and political instabilities.

As businesses adapted to the COVID-19 pandemic, the inability of most businesses to respond to large scale disruptions exposed flaws in traditional business continuity planning. The pandemic put a spotlight on the need for business resiliency and continuity plans for businesses that had not yet considered continuity to be a priority.  The level of planning to address the threats from cybercrime will need to be the same as the planning for other disasters and business disruptions.

For SMBs, leveraging cloud solutions will remain the most cost-effective business continuity option.  Moving systems and applications into cloud services increases security, adds redundancy, provides geographic diversity, and provides better remote access than on-premise systems.  SMBs are at greatest risk from local or regional issues. Cloud services … even if only a “lift and shift” of existing servers and applications … will be accepted as a cost-effective way to improve security and resiliency.

We expect small and midsize businesses will need to expand their security footprint. They will need to improve resiliency.  Appropriate solutions are available and are affordable.  Businesses can meet their security, resiliency, continuity, and operational needs effectively and affordably. The inherit advantages of cloud services and solutions make this possible.

To evaluate your requirements and readiness for better security and resilience against cyber attacks and other business disruptions, contact us for a consultation, or book some time with a Cloud Advisor.  The consultation is free and without obligation.


Overconfidence in Disaster Recovery: Common and Costly

support-liferingAs reported in CloudTech, a recent study in the UK of 250 businesses finds that 95% experienced outages or data loss in the past year, with 87% needing to go to failover systems.

There is a mismatch between expectation and reality when it comes to disaster recovery.

Of the 87% that executed a failover, 82% were confident it would go well, but 55% encountered problems. And while 69% stated outages lasting minutes would be “highly disruptive” or “catastrophic”, only 27% were able to recover all systems immediately following an outage. With 37% of respondents indicating they do not regularly test their DR capabilities, many organizations have no basis for expecting a smooth failover.

Outage Sources

While we often focus on the “big disaster” that could interrupt our businesses, 53% of the outages were to mundane system failures and 52% were due to human error (more than one response was possible). Cyber attacks and environmental issues caused 32% and 20% of the outages, respectively.

Three Things We Can Learn

  1. Comprehensive disaster recovery and business continuity costs money. Running infrastructure and systems in the cloud and/or using cloud-based DR and Business Continuity solutions can help mitigate these costs.  You will, however, need to assess potential downtime and time to recover, the impact of downtime, and the cost to create the right balance for your organization.
  2. Testing your DR/Business Continuity solutions should be easy and cost-effective. Plan on testing at least twice per year.
  3. Your DR/Business continuity solution should help reinforce your overall data protection and business operations. Shifting from a “recovery”-centric strategy to one of resilience can lower costs and minimize the risks and impacts of unplanned outages.

If you want to improve your business’ resilience and lower your IT costs, contact us for a free Cloud Advisor session.


 

Webcasts

Small Business Guide to Cyber Threats, Security, and Response

3T@3 Webcast Series: Tuesday, Jun 15th at 3:00 PM

The recent ransomware attack on Colonial Pipeline sent shockwaves through the gasoline supply chain. And while some panicked and tried to stockpile gasoline, others saw this major cyber attack as evidence that “I am not the target”. Over 50% of small businesses think they are too small for a cyber attack.

With 43% of cyber attacks targeting small businesses, the number of breaches in small businesses jumped 424% in 2020.

In this month’s 3T@3 Webcast, we provide a practical guide to cyber threats and security. No fear mongering, no hyperbole. We will share data that quantifies your level or risk and the most prevalent types of risks and will outline practical, reasonable, and affordable steps you can take to both protect your business and, should an attack succeed, respond and recover.

This session will save you time and money today, and might just save your business in the future.

Watch the recording on-demand



Data Protection & Security