These days, it's all about security. Or to be more precise - Cyber Security. And dare I say - rightly so. October was National Cyber Security Awareness Month, a time for people in every industry to concentrate on safety for their electronic assets. But just because October is over, doesn’t mean your efforts to improve your security posture can stop.
The Big Cyber Security Push
Cyber security is, without a doubt, the most important buzzword in our industry. And, I have to share a dirty little secret with you - our industry is pushing anyone and everyone into security. They're like sharks smelling the blood in the water. Vendors have tons of tools that they want us to sell for them. They're pressing your standard IT support guy into billing himself as a cyber security expert so that no one misses out on the action. It's almost like you're missing the bandwagon if you're not onboard. Almost scary if you step back and think about it.
Fortunately for us and our clients, this isn't anything new for FPA. We've been dealing with cyber security for years now.
Cyber Threats Target Businesses of All Sizes
During the last month alone, we've been engaged by no less than 3 different firms to perform forensic investigations in response to suspected cyber security incidents. In each case, they were attacked and breached, but each attack used a different methodology. One was due to a keylogger, one was due to a security camera (can you say "Internet of Things?"), and one was due to malware. All were different entry points. All used different methodologies once in the victim’s system. And, all had different impacts.
The one common thread in all of these attacks was that these weren't Fortune 500 or even Fortune 1000 companies. In fact, these might not even be Fortune 5000 companies. These were all ordinary "run of the mill" businesses like yours and mine.
The purpose of sharing this little tidbit is to help communicate that we have to get past the mindset of "my business is too small," or "we don't have anything anyone would want." Historically, this has been the push back we get from too many clients when we have any sort of discussion around security.
Why National Cyber Security Awareness Month Matters
Cybercrime is on the rise. Every day, hackers and criminal organizations launch new attacks against businesses of all sizes—with many working to create insidious new attack strategies to either steal or extort money from small businesses. In fact, according to data from the FBI, “On average, more than 4,000 ransomware attacks have occurred daily since January 1, 2016. This is a 300-percent increase over the approximately 1,000 attacks per day seen in 2015.”
This means that over 146,000 businesses are affected by ransomware each year. And, this is just one attack type! There are many more kinds of threats out there, and many cases never get reported to law enforcement, so these numbers could be even higher in reality.
The good news, though, is that the more and more we have these conversations, the more and more we see attitudes towards cyber security change. No longer is security simply dismissed as unnecessary because “no one would want our stuff.” As we continue to "dial in" our clients' networks, securing them becomes more and more of a business-critical issue. One which we're starting to see getting taken seriously.
National Cyber Security Awareness Month is important because it helps get people to start the conversation about their business’ cyber security practices. It gets people thinking about the vulnerabilities in their networks, and how they can address them.
While no amount of security will prevent 100% of all attacks, taking cyber security seriously and implementing some basic protections can do a lot to limit your exposure to risks like data breaches. Things like training employees to use your data and networks safely, adding basic security features (antivirus, dual-factor authentication, firewalls, etc.), and keeping up to date with the latest security patches for your software can all help massively reduce the chances of any random attack getting through.
The Rise of Cyber Security Awareness
While we've been providing technology security assessments for years now, our Managed Security offering (made up of things like user awareness training, dual factor authentication, security incident and event monitoring, penetration and vulnerability testing, and encryption) is really gaining traction with our clients. This has definitely been a growth area for us and anticipate it continuing to be a high growth area in 2018.
I believe that as our industry continues to mature, and the hacks (pun intended) get weeded out, securing networks for small to mid-size businesses will become part and parcel of simply running a network. What business owners all too often currently see as a “nice to have” will become a “must have,” and, even better, will just be the de facto standard for how IT is run well. For us, it will be business as usual.
From the FPA Team to yours, we hope you had a safe and secure National Cyber Security Awareness Month and continue your cyber security awareness throughout every month!
Hopefully, this info's been helpful. Let us know in the Comment box below or shoot me an email if you’d like to chat about this in more detail.