Insights from an IT Expert: Modern Cybersecurity for Businesses
What's the first word you think about when you hear the word cybersecurity? You're probably going to say things like antivirus or firewall. Who can blame you? In fact, a lot of business owners still have the perspective that cybersecurity is all about getting viruses out of their computers. It's a lot more than that.
Cybersecurity is no longer just about software; it's a way of doing business safely in a world full of cyber threats like data breaches, ransomware, and phishing, all of which can cause massive damage to your company, resulting in financial losses or worse.
The traditional security measures you grew up with no longer cut it. Dealing with today's cybercrimes requires higher-level solutions and strategies and a multi-layered approach to security.
At ITS, we strive to help our clients understand the complexities of modern cybersecurity. That's why in this article, we'll share insights from ITS San Francisco's Managing Partner, Rob Schenk, regarding how businesses should approach cybersecurity in this day and age.
Can you tell us a little bit about what you do? What are the main challenges you help navigate?
"My main roles are helping our clients enable their teams and secure their data while also crafting our corporate strategy, developing our company culture, creating memorable experiences, and cultivating the next generation of modern leaders."
"One of the major challenges that I've been navigating is how best to educate our client base and community on the importance of cultivating a security-first mindset and driving this through organizational change. It's a journey, and you start where you are. With dedication, consistency, and focus, though, we're making inroads, which is a positive development."
What are some of the most serious problems organizations can run into without an appropriate IT strategy?
"Technology touches every part of a business. If you have a strong foundational technology stack, along with consistent patching and IT inventory hygiene, it can be a positive game-changer. But if you aren't keeping up with basic blocking and tackling, are missing modern security toolsets, and still don't have cyber liability insurance, then your company is vulnerable and incurring a lot of downside risk."
"Not properly investing in a sound IT strategy will ultimately result in heightened security risk exposure, low team efficiency/productivity, potential reputational damage, and technical debt that will end up costing you more money than investing in the right solutions in the first place. If your goal is a thriving business, then proper planning and investment are key."
Do global events affect cybersecurity?
"Yes, definitely. For example, the current conflict between Ukraine and Russia has escalated cyber threats for businesses and government agencies in the United States. You have state-sponsored cyber actors and criminal organizations from countries like Russia, North Korea, and China who are taking advantage of the situation to engage in espionage and other malicious cyber activities."
"Any time you have economic difficulties or geopolitical unrest, you can expect crime rates to increase, and the same is true for cybercrime. Fortunately, the MSP community has an extensive threat intelligence network, with vendors/partners freely educating the community with actionable steps to protect ourselves and our clients better. After all, if one MSP gets hit, the community is hit. We are all in this together, and it takes a village. This growing selflessness and information exchange strengthens the MSP community and keeps us up with the latest threats, enabling us to more effectively monitor the situation, raise awareness, and prepare accordingly."
Is tailored cybersecurity worth investing in? Or is it only relevant for large enterprises?
"It's critical for SMBs to invest in a cybersecurity plan that works for them. Cyber-attacks have grown more nefarious and are increasing in severity and impact. Cybercriminals know many small businesses are still using cheap, cookie-cutter solutions, making them easier and more attractive targets."
"We recommend designing your plan from the perspective of the "assume a breach" mentality. Properly inventory your systems, as, after all, you can't protect what you don't know. Do a risk assessment, identify your mission-critical applications, amount of acceptable downtime you can tolerate, and work to strengthen core defenses as a primary objective. Develop a strategy of cyber resilience, draft an incident response plan, and have enough defense so you can quickly determine malfeasance and remove the threats. The faster you can detect and eliminate the bad actors, the less impact it has on your business."
"Every business, from SMB to enterprise, has its own unique security needs. To meet those needs and achieve cyber resilience, your security plan should be tailored specifically to your company's requirements. You need to consider several factors, like your industry, size of your business, available resources, regulations, network complexity, and types of data you store. Those answers will determine what security program is required to protect your environment."
In your opinion, what IT and cybersecurity details are often overlooked by new businesses?
"I think many businesses overlook two key things when it comes to cybersecurity. First, they don't realize that you can't get effective security from a single solution. Second, it will always be an ongoing activity. There are a lot of SMBs that believe using passwords and antivirus are enough or that they're too small to be a target. Some even think letting an MSP take over will solve all their security concerns. Sadly, none of these are true."
"SMBs need multiple layers of protection like multi-factor authentication, endpoint protection, and more. Also, they need to defend their network actively. That means you need security policies, processes, and procedures in place. In addition, they need to train their employees regularly and update their security tools constantly. It's the only way to keep up with the ever-evolving cyber threats."
What are the biggest cyber threats organizations should look out for in the future?
"I believe the biggest cyber threat is always going to be the one we don't know about yet. The runner-ups, however, are the most prominent ones. Those are the ones that you'll see on watchlists regularly. So, you have the usual suspects like email phishing, password compromise, and ransomware."
"But now, you also have the challenges brought on by the sudden shift to remote work in recent years. That includes bring-your-own-device policies and the increasing use of cloud applications that continue to challenge cyber defenses."
"In addition, new and poorly regulated cryptocurrencies that have popped up in the last few years have helped ransomware attackers, becoming their payment method of choice."
What are the best cybersecurity tools every company and individual should have?
"As mentioned previously, every business has its own unique needs, budgets, and priorities. In essence, the best cybersecurity tools are the ones that fit your needs, that you can implement well, and that you can manage properly."
"There's no single cybersecurity solution that will do everything for you. You can't install a piece of software and just call it a day. Cybersecurity is about building layers upon layers of protection. Those layers include basic security measures like consistent patching, email protection, firewalls, web filtering, security awareness training, and endpoint protection and isolation software. In comparison, the more advanced option will include building a 24/7 security operations center with active threat hunting capabilities, SIEM, and more. Each component has its part to play, and that gives you the ability to prevent attacks from being successful while being able to detect and eject quickly should an incursion take place."
Want to Learn More About Cybersecurity for Your Business?
Just as cyber threats have evolved, so have the solutions created to combat them. They need to be designed for your business and tailored to meet its specific needs. That's because cybersecurity is no longer just about software or tools but a way of conducting business. It should be embedded in your technology and within your policies, processes, and habits.
At ITS, we've helped hundreds of businesses bolster their cybersecurity posture. If you want to learn more, check out our article on the five cybersecurity tips for small businesses.