COVID-19 has brought a host of challenges for SMEs. From maintaining cashflow to deploying new remote technologies and environments, businesses of all sizes have had to quickly adapt to keep afloat during this challenging time. It’s no question that survivors of this turbulent year are resilient, but to ensure that business continuity continues long term, they must prioritize a layered approach to cybersecurity and data recovery.
In other words, they must be cyber resilient. But what exactly does that mean? Think of cyber resilience as digital fitness. It’s a business’s ability to keep moving forward in the face of otherwise crippling cyber threats. Because cyberattacks and data loss are both inevitable and can easily derail modern business, these threats must be accounted and planned for. Which is why it’s crucial to have the right tools, processes and backup policies in place so that the business is resilient regardless of the attack method.
But sadly, many companies are behind the cyber-resilient curve. A recent report, COVID-19 Clicks – How Phishing Capitalized on a Global Crisis, found only 26 per cent of global respondents backed up their data to ensure it is recoverable in the event of an attack. This percentage is alarmingly low, as a backup solution with real-time recovery capabilities can mitigate the business challenges associated with a breach while barely missing a beat in terms of operations. A disaster recovery-as-a-service (DRaaS) solution is one cloud-based solution that guarantees valuable data is constantly backed up so SMEs hit with ransomware can simply reboot their IT environment from the last “clean” back-up to restore business operations.
Looking beyond just technology, end-user education remains an often-overlooked factor businesses face when becoming cyber resilient. While IT resilience focuses on hardening data and applications, overall cyber resilience as an organisation depends equally on making users resilient. This means developing an ongoing program of training and communication on security issues employees need to be aware of and education on how to properly respond to incidents.
When businesses internalise this culture, they’re better prepared, better able to respond and better positioned to experience growth. On the other hand, businesses that don’t actively work toward a culture of cyber-resilience are more vulnerable to cyber attack. Their employees are more likely to practice poor password hygiene (like reusing the same passwords across multiple accounts), click on something they shouldn’t and make other mistakes, like misconfiguring access rights or accidentally sending someone the wrong file.
In addition to cloud-based backup and proper cyber education, a successful SME cyber-resilience strategy will also include a full cybersecurity and threat prevention suite. These will commonly contain network protection as part of the service, helping SMEs to prevent threats before they become an issue. Evaluating the vendor’s machine learning (ML) and artificial intelligence (AI) capabilities are also important factors to keep in mind when selecting a threat prevention suite.
As the pace and sophistication of new cyber threats continue to grow, managing and analyzing massive data sets can’t be accomplished by humans alone. Advanced technology like ML and AI help to create accurate predictions and detect behaviours associated with polymorphous malware or other attacks and block them in real-time.
With these strategies in mind, a business can strengthen their cyber resilience, and in the event of a data breach, can bounce back and continue operations.
George Anderson, Product Marketing Director, Webroot