For many businesses, information security comes behind other business imperatives. Unfortunately, the automation of cyber-attacks means that many more businesses are under threat and cybersecurity must come higher up the board priority list.
We often hear these types of comments from business leaders:
“We’re too small / too uninteresting.”
“We’ve got a firewall, that’s enough.”
“We don’t have the resources.”
Let’s go through them one by one.
“We’re too small and too uninteresting.”
Just as there is a lid for every pot and kettle, there is a malicious, technically gifted person out there whose target profile you fit. Hence the question is not "What is the chance of us getting breached?" but, excuse the exaggeration, "When will we be breached?"
While this may sound like an oversimplification, behind it is a fundamental shift in thinking, from a laissez-faire lack of diligence to a security-conscious, risk-management approach to information security.
Security experts agree that, realistically, no IT system can be secured so fully that it is guaranteed never to be breached. That is why it is so important to establish a defence-in-depth approach to securing your systems, to minimise the chance that any single breach causes damage or compromises information. See below.
“We’ve got a firewall, that’s enough.”
Bluntly speaking: No, it’s not. Once you are breached with no further countermeasures in place, the perpetrator will have free rein. And when they do, in all likelihood, they’ll go to town and, uhm, have fun. You, not so much in the aftermath, I’m afraid. Apart from the reputational damage, prepare to shell out considerable resources for damage control, reputation rebuilding, fixing your IT system, repairing your client/customer relations to rebuild trust and assurances, and countless other little things. Be prepared to wake up to a nasty surprise bill.
If companies like SolarWinds, Malwarebytes, CrowdStrike, and even Microsoft – all either specialist cybersecurity staple players, or, well, Microsoft – were compromised (more details here), then one can only imagine what obstacles had to be overcome to pull this off.
This is not to say all is lost. On the contrary. While it is always good to do something rather than nothing, it can cause a false sense of security; even more so when it could be done, well, better.
“We don’t have the resources.”
Well, when will you actually have the resources? Experience shows this all too often results in never having the resources regardless of the situation unless you happen to be a tech unicorn. Too many interests in a business compete with each other for resources all the time.
This is not a criticism; it is a factual observation. It’s life in business.
Consequently, there will never be enough resources to tackle this – until it is too late, and your IT systems have been breached. Too many businesses have been caught with their pants down this way, having to throw a lot of money at it.
Fixing a living system that’s broken is far more expensive than doing it right in the first place, whether it is fixing bugs or architecture in software (7x more costly!), fixing roads while they are firmly embedded into the commuter arteries of daily life in a city, or adding a solar-based heating system to a house rather than installing it when building the house (personal experience anecdote: £16,000 vs £4,000). This is a hidden factor far too often overlooked.
Today is a good day to … begin.
If you’ve made it this far, well done, and thank you!
Don’t panic. Before you action anything, perhaps throwing lots of money at a glossy tool, why not consider getting external help (after all you can’t be an expert in everything, can you?) to assess what you actually need?
In our experience, companies often need less than they are at times led to believe, and getting expert advice on that is money well spent that will pay back multiple times over in IT security efficacy, efficiency, and the overall financial cost associated with it.
Why not have a chat with our experts?
The Digital Craftsmen team are experienced cybersecurity experts, working with businesses to offer the levels of security protection usually only afforded by the large corporates. Specialised cybersecurity support for:
- Working from home (WFH) environments
- Securing e-learning platforms, shopping platforms, fintech and for all complex hosting requirements
- Hardening your online presence (managed hosting/cloud, or on-premise)
- Compliance with payment industry directives (PCI-DSS)
- Technical cybersecurity support (incidents, patching, scanning)
- IT Security audits to check for potential vulnerabilities
When customers choose Digital Craftsmen, they know they’re working with a team who do more than just offer a software solution or a standard way of working. We make it our business to know you, understand your business and tailor the cybersecurity to lock down and secure it against cyberthreats.
Call the team on 020 3745 7706 or email [email protected] to find out how we can secure your business today.