Cyber Resiliency Begins with People and Process, Not Technology

With compounding cyber risks, businesses must begin to take a holistic approach to cybersecurity that starts with people and process—then technology.

Over the past two years, COVID-19 has changed the way businesses operate and businesses have changed the way they leverage technology. But we’re not even close to finished yet.

Expect even more disruption, transformation—and opportunity—over the next couple of years as companies settle into new business models and hybrid working environments. The only constant along the way will be the omnipresent rise of cybersecurity threats—and even those will continue to adapt and look for new ways to cause damage. Managed services providers can’t afford to stand pat, now or ever, when it comes to cybersecurity, according to Greg Jones, business development director (EMEA) at Datto.

“We’ve opened up so many more opportunities, yet it comes with huge risks. The latest data says we’re looking at a 400% to 600% increase in cybercrime and ransomware since the beginning of the pandemic. We’re at a stage where it’s really impacting business as a whole,” Jones said in a keynote session during a CompTIA UKI Business Technology Community meeting in Manchester.

Protecting Employees Anywhere Becomes Paramount

Compounding the cyber risk facing most companies is a more permanent hybrid or remote-work environment for many employees. With more workers accessing data from almost anywhere, more potential doors open to let a bad actor onto the corporate network.

“About 74% of companies will continue to operate in a hybrid working environment because they’re more profitable/productive than ever before,” said Jones. “And many of those businesses are the ones that pushed back from tech solutions that the MSP community was recommending even before COVID-19 hit.”

Jones noted that cybercrime has surpassed “real-world” crime in terms of damaging impact to businesses—and that 60% of small businesses experiencing a cyberattack go out of business.

“Crime in the real world evolved for thousands of years. Tech has been mainstream for what, 30 or 40 years? For that acceleration of cybercrime to overtake real-world crime is absolutely horrific,” he said.

As a result, global cyber spending is expected to increase from £156 billion in 2020 to £352 billion by 2026, with £40 billion alone for SMB/SME companies this year, Jones said.

Three Pillars of Cyber Resilience

Cyber resilience includes security, monitoring, and business continuity/disaster recovery technology. However, a successful cyber resilience strategy requires a holistic approach that starts with people and process—and then technology, according to Jones.

“There will be some vendors who will try to get you to lead with technology. Don’t lead with technology. That might sound strange coming from a vendor, but that is the best way to lead,” Jones said. “Start with people and process. Build out people within your business. Do they have the right skillsets, the right education, the right development? The most risk to organizations is lack of training. Then cascade that down to customers. When you get people and a process in place, only then look to fill it with technology. Cybersecurity conversations with customers should focus on business, not on technology or tools.”

A great resource to provide customers with—to encourage continued conversation—is A CEO’s Guide to Addressing Cybersecurity Concerns, created by CompTIA’s Cybersecurity Advisory Council.

The time to start acting on your cyber resiliency is now, of course, said Jones. Waiting can only lead to trouble.

“It pains me to say this, but these criminal organizations are amazing businesses. Very agile, they operate multiple geographic locations, 24x7, they are bilingual. It might sound crazy, but they pride themselves on the customer service that they deliver to their ‘customers.’ For example, they’ll talk you through paying ransomware in Bitcoin.”

Cybersecurity Isn’t Easy, But You’re Not Alone

It’s not just MSPs that find cyber resiliency challenging. Even the biggest tech vendors find it daunting, Jones said. One way to reduce those concerns is by working together—vendors, MSPs, SMBs, and supply chain companies as well.

“We can only chip away against the threat actors if we work together. Nobody has the silver bullet or all the tools to address cyber resiliency. Every MSP should be contributing time to cyber resiliency. Unfortunately, many businesses don’t because they just see it as too daunting,” he said.

The NIST Cybersecurity Framework from the National Institute of Standards and Technology aligns well with MSPs, SMBs and SMEs and is a great start to strive for cyber resiliency—emphasis on start, according to Jones.

“The reason resiliency is a never-ending circle is because it’s not something you achieve and say, ‘we’re now cyber resilient.’ The threat landscape evolves 24x7,” he said.
