Planning for, protecting against and responding to cyber-attacks of any kind is not typically thought of as the “sexy part” of IT. What is sexy is a business’ ability to continue operating, generating revenue, and thriving after an attack.
That’s what this discussion is all about – helping small- to medium-sized businesses guard against and/or recover from malicious activity from bad actors. A disciplined commitment to business continuity solutions is a necessary “fact of life” today and into the future.
Here are some other “facts of life” to consider when evaluating your organization’s security posture:
More than 40% of all data breaches involve small and medium-sized businesses
Just over 60% of all SMBs have reported at least one cyber-attack during the previous year
40% of the small businesses that faced a severe cyber-attack experienced at least eight hours of downtime.
91% of organizations with Business Continuity Backup Recovery solutions in place are less likely to experience significant downtime from ransomware. The cost of downtime is nearly 50x greater than the ransom requested in many cases.
As you might imagine, we’re not just talking about backups when we say business continuity. Of course, protecting your backups is important, but we’re also talking about making sure your organization has a plan in place to:
Protect your backups
Separate network and authentication
Ensure local and cloud copies
Protect on-premises, SaaS and cloud data
Identify resources for restore or spin-up
Activate your plan for business recovery
Recently, Beau Smithback, Chief Stakeholder Strategist, and Bill Crahen, Chief Stakeholder Architect, of Envision IT were asked what’s in their crystal ball when it comes to cyber security, business continuity, and what organizations should be thinking about into the future. Here’s a bit of that conversation:
Beau Smithback
“I think the thing that we've been talking about a lot lately is compliance. It really is being hyper-diligent about understanding what your assets are on the network, understanding how they've been hardened, who has access to them. Mapping all that out and implementing zero trust.
Compliance is going to be driven by cyber security companies and cyber security insurance companies. Being ahead of that not only improves companies’ postures, but it really gives them a good framework to say here's where to start and here's what the biggest risks are. I think there are a lot of companies who are in the small and medium sized business range that really don't understand how important compliance is. And as a result, they are reluctant to say, ‘Okay, let's go and sign up for services to do that.’ But I think that's changing.
Cybersecurity insurance companies are going to absolutely demand compliance and minimum security standards and that’s important because having a policy is material to so many contracts today. The C-suite is going to be pushing organizations to move really quickly on the challenges because some of these compliance exercises might take a year to accomplish. For example, if you are reacting in the last month of a policy renewal, it may be tough to make it. But again, that’s why it’s so important to focus on it diligently.”
Bill Crahen
“I would say the good news is that these are things that we have been talking about. I'd say a lot of companies get it; they know it is important. Some were budgeting for it. I think the cyber insurance mandates are forcing companies to make sure they have all the necessary controls and processes in place.
Beginning last year, we were seeing cyber insurance companies mandating multifactor authentication on email, and external access. But now this past year, we've seen requirements for multifactor internally and those can be big ticket items when it comes to budget.”
Beau Smithback
“The price of cyber insurance can't be forgotten. That’s increased dramatically over the last two years. I work pretty closely with a company who said their broker told them to see if they can renew it a little bit early. Because if they wait two or three months, it's going to go from an 80% increase to probably a 100% increase. That's how quickly the premiums are increasing. That’s chewing up a big chunk of the budget.”
Bill Crahen
“For me, I would say it is compliance. We’ve had a lot of conversations with customers, and they already had to deal with this, depending on their industry, but a lot of them haven't or haven't thought about it.
We can help those customers figure out what frameworks make sense for them. The good news is, if you pick the right ones, or you don't pick the right ones, it's not wasted energy because they do map to each other. But getting started is so important, because this work can take up to a year to get through. It’s important to start now because we're seeing certain sectors, like government, that will have new compliance issues. So, if you deal with the government, you need to comply with these new frameworks. So, start early.”
To learn more about how Envision IT can maintain the health of your technology environment, strengthen your security posture, and help your organization address the ransomware crisis from “readiness to response”, visit us at www.envisionitllc.com or give us a call at 608.824.2060.