READ TIME: 4 MIN
“Cybersecurity isn’t enough…really?” you might be asking. Before you throw your hands up in exasperation, a word of explanation. We aren’t suggesting that cybersecurity isn’t important or worthwhile. We certainly aren’t suggesting that small and medium-sized businesses (SMBs) should skip cybersecurity altogether. Cybersecurity is as essential to the protection of your business assets as locking the doors to your office when you go home at night.
But, cybersecurity plays just one part of a business’ overall data protection strategy. A massively important part, to be sure, but it’s not the whole story. Cybersecurity gets a lot of attention, but an equally important cyber objective for any company in this digital age is cyber resilience.
The National Institute of Standards and Technology (NIST) defines cyber resilience thusly:
The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources. Cyber resiliency is intended to enable mission or business objectives that depend on cyber resources to be achieved in a contested cyber environment.1
So, in other words, cyber resilience is all about maintaining your business’ ability to continue functioning normally—even in the face of adverse events like cyberattacks or natural disasters. While cybersecurity is aimed at proactively keeping cybercriminals at bay, cyber resilience is aimed at keeping your systems running even if hackers do get in.
A key objective of cyber resilience strategies is keeping your company’s data safe from loss or destruction. Although cybersecurity strategies limit the risk of data compromise, human error can result in data loss or corruption through accidental deletion or inadvertent malware installation. In fact, 1 in 3 SMBs reported data loss incidents caused by human error2.
As you might rightly assume, a consistent and thorough data backup strategy is integral to cyber resilience. Alarmingly, however, 40% of SMBs conduct NO data backups, and 58% do not have a data backup process for their endpoints3.
A much happier statistic is that 93% of data loss incidents are preventable4. Implementing a disaster recovery plan helps your business to secure its data against adverse events of all types. With routine local backups, you create your first line of defense against accidental or malicious data compromise.
Since some incidents can compromise primary backups, maintaining offsite backups is your second line of defense. For example, ransomware attackers often go after backups once they penetrate a company’s network, because paralyzing their victims’ backups gives them more leverage. Having a second set of backups in another location helps to defang ransomware attackers’ strategy.
Another major prong of cyber resilience is making sure that your business-critical infrastructure continues to function in the case of crisis events like ransomware attacks. One of the ways that ransomware attackers coerce their victims into paying the ransom is by bringing their business to a screeching halt. Threat actors know that downtime hits SMBs hard—most lose anywhere from $10,000 to $50,000 per hour of downtime5.
With critical systems frozen, victims quickly do the math and realize that paying the ransom is less costly than downtime. Many SMBs wrongly believe that this couldn’t happen to them. But the truth is that 20% of SMBs who were hit by a ransomware attack experienced downtime as the result of the attack6.
This is where business continuity planning comes in. With a business continuity plan, your company will have an IT “plan B” should your primary infrastructure falter for an unforeseen reason. With redundant infrastructure at the ready, you don’t have to worry about the tens of thousands of dollars (or more!) your business would lose due to unplanned downtime.
NexusTek offers the solutions your business needs to achieve both cybersecurity and cyber resilience, from customizable security plans with 24/7 monitoring to protect against threats, to business continuity & disaster recovery plans to protect against data loss and costly downtime.
Are you ready to make the leap forward to cyber resilience?
References:
1. National Institute of Standards and Technology. (n.d.). Cyber resiliency. https://csrc.nist.gov/glossary/term/cyber_resiliency#:~:text=The%20ability%20to%20anticipate%2C%20withstand,NIST%20SP%20800%2D172
2. Reilly, C. (2017, August 2). Ransomware shuts down 1 in 5 small businesses after it hits. CNET. https://www.cnet.com/news/privacy/malwarebytes-state-of-ransomware-shutting-down-1-in-5-affected-small-businesses/
3. & 4. The SMB Group. (2020, February 10). Small business data protection: What small businesses need to know. https://www.smb-gr.com/wp-content/uploads/2020/08/10-Feb-Data-Protection.pdf
5. Infrascale. (2020, May 13). Infrascale survey highlights the heavy costs of business downtime. https://www.infrascale.com/press-release/infrascale-survey-highlights-the-heavy-costs-of-business-downtime/