Don't Be Breached in 2022

Technologies exist today that can protect businesses from the Cybersecurity Attacks we are seeing in the news, and they are affordable for businesses of all sizes, not just enterprises.  With the increasingly sophisticated cyber-attacks throughout 2022, the increasing premiums of Cyber Insurance, and the dramatic post-Covid workforce changes that have defined current IT Infrastructures, and a lack of sufficient engineering resources to cover an organization's needs - Cybersecurity has become a challenge for many companies.  Even with all of the above adding to the strain on Cybersecurity professionals, there seems to have become a greater apathy towards Cybersecurity.  The sheer amount of articles, discussions, and constant alarm bell ringing has made it difficult to communicate with executives and management regarding how much of threat insufficient Cybersecurity precautions truly are.

Traditional Cybersecurity is Insufficient

While there is an obvious need for traditional Cybersecurity technologies such as network firewalls, endpoint security, and scanning tools - the sophistication of attacks means that these tools alone are woefully insufficient.  This cannot be repeated enough because the problem persists.  Businesses of all sizes are threatened by cybersecurity attacks - the myth of any business being "too small" to be concerned should be thoroughly dead (even though I still hear it), but according to CNBC only 5% of small business owners "consider cybersecurity to be the biggest risk to their business".  The reality is that Cyberattacks are a combination of attacks of opportunity, as well as directed action based on initial attacks.  Cyberattacks are often not a single hack that results in a ransomware event or a data breach, but the sum of multiple attacks that penetrate security.  Because of this, businesses need to consider higher degrees of security.  Like Why You Need an MDR which we talked about a couple weeks back.

Security threats are sophisticated, and they typically occur when human beings aren't awake to handle them, and without monitoring tools or any sort of human intervention, this frequently leads to Data Breaches.  Some latest statistics show 54 percent of companies say their IT departments aren't sophisticated enough to handle todays cyberattacks.  The dwell time for attackers in victim environments is down from an average of 24 days in 2020 to 21 days in 2021.  Availability is no longer the biggest risk...confidentiality is.

Which is surprising, because many of these technologies exist, and ARE affordable for small businesses and mid-sized businesses, and are not just available to super large Enterprise customers.  The growth of this market has been tremendous, and London Security has partnered with several of these tools because we have been looking for these kinds of tools to help serve our customers for years.

Your Security shouldn't look like the early 2000s

Because of increased threats evading traditional security practices, we need to be seeing massive adoption of security technologies that meet the current sophistication of Cybersecurity threats.  We aren't in the early 2000s where antivirus and firewalls were capable of handling viruses and attacks.

All businesses regularly upgrade computers, their products, and adjust their business practices according to the modern world - and Cybersecurity shouldn't be any different.  Cyberattacks are capable of being prevented, it isn't an act of God or a natural disaster.  Many attacks can be caught before they breach your organization's critical data or infect systems with ransomware.  There are many technologies and methodologies that can prevent modern attacks, and research into the subject indicates that a majority of Q1 2022 attacks would be deemed as "Preventable".

It shouldn't take a security event, ransomware, breach or whatever, to force an organization to adapt.  If you take these proactive methods to save your business from the stigma of handling a massive data breach, you'll save yourself time, money, and the potential embarrassment of having to explain what happened to your customers, or worse...the media.

Cyber Insurance is a band-aid - NOT a preventative

Cyber Insurance is one of the largest growing industries in the United States and globally, but this doesn't mean that it can replace Cybersecurity alone.  Many policies require specific Cybersecurity technologies in order for claims to be paid, and these policies are changing regularly.  As claims of Cyber Insurance have increased, so too have the requirements to enforce and pay out Cyber Insurance policies.  This means you are NOT guaranteed a pay-out for every claim, and this is especially true if you're using a Cybersecurity technologies from the early 2000s compared to modern technologies.

Most insurers are now requiring 24x7 monitoring be done internally or through an outsourced SOC.  All insurers are requiring larger efforts be made in protecting businesses from Cybersecurity attacks.  Some even list which service providers or SOC vendors they will authorize.  While I don't agree with any insurer telling a customer who they have to use for a service, I will agree that you shouldn't rely on just any old one that comes along with a low price and lots of promises.  It is important to realize not all SOCs and service providers are the same.  Yes, there ARE technologies that can prevent many Cybersecurity threats that exist today, even some with the capability to protect against zero-day attacks.  But if you don't have that vigilant monitoring for true response, not only could your business become a victim to an attack, but you could be denied the insurance claim.  You absolutely should use these technologies to protect your business alongside insurance if you're concerned, and there are policies that can be built around your existing Cybersecurity Infrastructure that will guarantee the vulnerabilities you know about, but you must also plan for the ones you don't know about.

This leads to the final conclusion of this article...

Make 2022 the Year of Cybersecurity Improvements

It doesn't have to be expensive, but it needs to happen!  London Security can assist you in determining existing Cybersecurity vulnerabilities and talk to your business owners and stakeholders regarding the value of investing in current Cybersecurity technologies as well as 24x7 SOC monitoring that will not only provide ongoing value but can prevent many of the threats you will face for the future.

It only takes a phone call or email to figure out what London Security can do for you, so don't hesitate to reach out to us at today and let us help you determine how to make 2022 your businesses most secure year ever.


Sources & References:

The Post-Covid Landscape For Cybersecurity Professionals

US Cyber Insurance Sees Rapid Premium Growth, Declining Loss Ratios

America's Small Businesses Aren't Prepared for a Cyberattack

Patchable and Preventable Security Issues Lead Causes of Q1 Attacks