There is no way to be fully prepared for a pandemic. Anything can happen and it is impossible to make predictions. Peoples’ businesses are struggling, and they don’t need any more trouble. Unfortunately, cyberattacks are a constant threat, and they are almost always unpredictable, posing a serious risk to small businesses. Any attack could potentially cost you thousands of dollars and waste a lot of time. In the worst case, a cyberattack could even force a business to shut down for good.
There are threats out there that people know exist, so they prepare for those. They implement security protocols for their businesses such as enabling firewalls, two-factor authentication, and remote monitoring and maintenance (RMM). Measures also include employee training and security consulting from thirty-party groups.
Preparing for the Unknown
There are also the threats that are unknown. According to the cybersecurity news website Dark Reading, there are three types of unknown threats: the unknown knowns, the known unknowns, and the unknown unknowns. You can read more about these categories on Dark Reading’s website, but suffice it to say there are lot of mysteries in the world of cybersecurity threats, not all of which are mysteries to the uneducated.
When a cyberattack happens, for instance, the true risk and extent of the vulnerability is often not revealed until long after the fact, usually during an investigation.
One type of attack that works like this is advanced persistent threats (APT). According to FireEye, the median dwell time for an APT was 60 days, meaning that malicious actors are able to “dwell” for two months before being discovered by IT teams. If that number sounds shocking, it’s because it is. This number is actually down from 71 days in 2018, but this downward trend is not all that comforting. That’s because, as FireEye notes, some dwell times far exceed the median of two months. During this whole period of time, hackers can lurk in your systems, stealing information and snooping on your activity. As you can see, the danger comes in the form of not knowing.
As stated, it is impossible to sufficiently prepare for an unknown unknown, a threat you don’t even know exists. If people had no concept of rain, for example, there never would have been a reason to create the first umbrella. In recent memory, one of the most significant unknown unknowns was Covid-19. Again, you can’t start developing a vaccine, distributing PPE, and taking other health and safety measures before you know the danger exists. What you can do, however, is prepare in the general sense; predicting Covid-19 was impossible, but building resilience to sudden, dramatic global shifts would have helped. And that’s what you should be doing for your own cybersecurity.
Systems Resilience in an Interconnected World
Systems resilience refers a system’s ability to operate during a major disruption or crisis with minimal impact on business operations.
One of the most powerful ways to remain resilient is and flexible is to use the cloud. Here are just a few of the ways your business from the cloud can get a boost when the next crisis happens:
- Move your low priority applications to the cloud to free up internal resources for things like improved management of online web traffic
- Handle spikes in online traffic and keep customers happy by utilizing unlimited cloud resources
- Collaborate in real time with coworkers anywhere around the globe, including those working from home
- Access files, applications, and everything else you need to work remotely
- Back up business-critical data and reboot quickly after a disaster or shutdown
- Align costs to demand using “pay as you go” model
Today’s businesses have an increasingly complex and global digital footprint. This is due in large part to globalization. Everybody relies upon somebody else. This is generally a positive phenomenon as it allows people to specialize rather than try to do everything, making everyone more productive and efficient. However, the downsides to this efficiency became painfully clear once Covid-19 appeared. Industries that had been operating as low-cost and as economical as possible fell into chaos once people started getting sick and lockdowns started restricting labor and access to raw materials. One thing that was able to keep the world from coming to a silent standstill was the internet, and for that we should be grateful.
All this interconnectedness means that businesses are like dominoes. Push one over and the rest all tumble with it. What you’ve got to do is not stop relying on others but rather take proactive steps towards protecting yourself. Waiting until disaster strikes is just not how you keep yourself from being a victim.
Take this threat analysis, for example. According to Help Net Security, 89% of security professionals believe that the threats that pose the greatest threat are phishing, ransomware, and web attacks. Conversely, just 48% of businesses have “continuous visibility” into these areas. These attacks are all threats we know of and understand, so there’s no excuse why you shouldn’t be taking steps to stop them.
If you need more convincing, consider the financial incentives. Security training has a proven track record of being effective at reducing the effectiveness of phishing attacks. According to the 2014 State of Cybercrime Survey, the average financial loss for companies that had conducted security awareness training was $162,000. Conversely, companies that had no employee training had an average loss of $683,000.
A Partner that Won’t Fail
As we have seen from Covid-19, you’ve got to be adaptable to protect yourself and your business. You can do this on your own, but the time commitment will be extraordinary. Think of the opportunity costs; the time that it would take to both learn and implement good security practices on your own could be better spent growing your business instead. It makes more sense to do what you do best and let others do what they do best.
Making cybersecurity work for you in a simple but effective way is what MSPs do best (one of many things, actually). Managed service providers (MSPs) are IT companies committed to helping your business accelerate their growth though improvements in their infrastructure. Here a few of the ways MSPS can make that happen:
- Walk you through the basics of cybersecurity
- Utilize remote monitoring and maintenance (RMM) tools to proactively search for threats and fix vulnerabilities before they’re exploited
- Provide critical performance and security data to inform business decisions
- Identify weaknesses in networks and endpoints and secure them
- Advise and promote good cyber hygiene to inform your IT policies
You may have noticed that many of these things overlap with the lessons businesses have learned since the pandemic began. That’s true. Remember, you can’t do everything yourself. Since you can’t know everything about cybersecurity, at least you can work with the people who try. That’s what we’re here for.
Don’t leave yourself vulnerable. Don’t take unnecessary risks with your business. Act before something happens, not after.
For more reading, you may be interested in finding out where the holes in your remote security are. We recommend you check out this reading if you want to know what else an MSP can do for your cybersecurity.