I’m a published cybersecurity expert: Here are five absurd cybersecurity myths that could end your business


Even multinational corporations used to run effectively and efficiently without a screen or a mouse or a keyboard in sight – other than a typewriter keyboard, of course. No data storage issues, no input errors, no backup problems, no memory losses or system failures, let alone cyberattacks.

Today – barely forty years since computers started appearing in workplaces – we can scarcely imagine life without them. In little more than a generation, all business processes have been completely altered, and a whole array of risks and threats and dangers have appeared that we could hardly even have dreamed of back then.

Despite these growing threats, myths continue to prevail that prevent business owners from being effectively equipped to defend themselves against attack or to deal with the consequences of an attack, should it happen. In this article, I debunk five of the biggest myths to ensure all business owners recognize the importance of cybersecurity.

René-Sylvain Bédard

Founder of Indominus Managed Security.

1. Cybercrime only happens to others

It is a trait of most humans to think that bad things will only happen to others. That can’t happen to you. But at some point, it hits you. You become the unlucky other. Since 2021, cyberattacks have risen over 300% according to the latest Microsoft Digital Defense Report – a threefold rise.

None of the companies that were hit by ransomware over the last decade thought they were chosen or deserved to be attacked. None. This is no different from saying that a car accident will never happen to you. That can only be true if you never leave your house. Even as a pedestrian, it can happen to you. If you have a business and you are using some kind of technology and, God forbid, if you are making money, then yes, you are a potential target.

Following an encounter I once had with a dairy farmer, I came up with a question that I now often ask in my presentations: do you believe that a cow requires cybersecurity? The crowd usually answers that of course they don’t. I then explain to them that the latest development in AgTech (agricultural technologies) means that a team of two farmers can milk 1,000 cows.

This amazing advancement allows us to break the physical limitations that used to plague farms. All these devices are connected to the internet in order for sensor data to be collected. I asked one of its makers if they secured the connections. He answered there was no need as it was only sensor data, not interesting to any cybercriminals.

There was the door – the way in for a cybercriminal who will do anything to get to their goal, which is bullying you into giving them your money.

Hence, a bad actor, thousands of kilometers away, can stop all the farm’s robots cold. Stop the cows from being milked and send a nice email for a ransom. With no milk, the dairy farm would be out of revenue for months and would probably collapse.

What if this attack is executed on 100 farms? They could all be stopped at once. We are talking about millions in lost revenues, all because cows don’t require cybersecurity, and the magic thinking that these things only happen to others.

2. We’re too small to be attacked

The root of this myth is the assumption that cybercriminals are like fishermen: that they carefully choose their spots and then cast a line into the water to catch a particular fish. Nothing can be further from the truth.

Cybercriminals today operate in networks, constantly offering services to new members to make them more efficient and sharing their profits throughout the network. They are no longer individuals in hoodies in basements; this is the age of dark corporations with objectives and quotas, of ‘ransomware as a service’. Not lone fishermen, but fleets of trawlers capturing all they can, by the ton.

When they send out a phishing email with the aim of infiltrating a company, months before the actual attack, they do not send ten or twenty; they send between 100,000 and 500,000.

What does that say about small and medium businesses? It says that you make up the greatest volume of fish – you are the largest group in the sea. For each large corporation, there are thousands of small and medium businesses. As an example, according to the renowned data site Statista, there were, in 2021, 8,365 companies with over 1,000 employees, compared to the total of 16,435,439 companies below that number.

According to those numbers, enterprises constitute 0.051% of all companies, so they may get targeted as the bigger fish, but never as often as the largest shoal in the sea.

3. We have nothing worth stealing

If you are in business, it is unlikely that you have nothing to steal. Apart from artists and artisans, who are paid in cash for services that only their talented hands can provide, pretty much all businesses today have valuable customer and employee information. More importantly, if you are in business, you must be making money; hence, you have the one thing that cybercriminals crave above all else: money.

After a short time, they will know how much money you have. They will spend months in your systems, sniffing around for clues – in documents, emails, financial statements, human resources files or customer databases – until they have figured out two things: what is important to you and how much you are willing (and able) to pay to get it back. Yes, this can (and most likely will) include deleting or infecting your backups to solidify their claim.

Then they will send you a ransom demand. (Whether you decide to pay or not is up to you, but you should understand that as long as victims pay ransoms – and the attackers make money – cyberattacks will continue.)

4. Our data is safe in the cloud

Don’t kid yourself. This is not how the cloud works. Although Microsoft (and most other cloud providers) are secure environments, they also have what is known as a Shared Responsibility Matrix. This means that, for your data, your research and your business intelligence to be isolated and to remain fully yours, Microsoft will not access it. They will not subject it to their own security procedures, which might alter the structure of your data and potentially disrupt your business. That would go against the reasons for offering you space in the cloud. Instead, they guarantee that the foundational, underlying systems will be secured and defended.

What do I mean by the underlying system? Picture that you are hiring a security company. They will guard the access to your lot, make sure that no one is messing with access to your house, and that you have electricity and communications, but they will not manage what happens inside your house.

Same here: you are a tenant within the cloud provider’s infrastructure. The provider will make sure the gate to your space is guarded and that you have everything you need, but what happens within your company, on the services and servers that it is leasing you, is completely your responsibility.

5. We have adequate insurance

What would buildings and contents insurance provide you if there was a fire in your offices? It would allow you to rebuild, buy back furniture and equipment and return to a normal life in perhaps four to six months. In other words, your insurance company will send you a cheque once your premises are in ashes (if you are lucky).

Far better – and usually much cheaper – to avoid a fire than to recover from one.

Don’t misunderstand me: insurance is necessary, but it cannot be the only component of your business protection plan. You also need proactive services that will enable you to react to a ‘fire’ before it reduces everything to ashes. As I said before, having a few battery-powered smoke detectors is far from adequate.

With proper cybersecurity, you might lose a device or a server, but you will survive the attack and still have a company to run. Instead of playing phoenix, you will live to fight another day.

Conclusion

As an expert, it is my duty to ensure that those false beliefs are challenged. I hold dear my vision that within the next decade, cybercriminality can be but a distant memory and that we, as a species, will have evolved beyond that.

I strongly believe in making cybersecurity accessible, so that all business owners are in a position to understand and support cybersecurity initiatives within their company.

With this in mind, it is vital that you, as a leader, revise your mindset and understand that all cybercriminals are after is your assets. And that, if you are in business, you most likely have some: money, recipes, intellectual property, or perhaps simply a reputation that you have built over the years. All are things that cybercriminals would use against you to get to their final goal: your money.

Please take preventive measures. Just like at home, when you leave, make sure the alarm system is armed, the front door is locked and that the alarm center will be informed if something happens.

Deploy that same logic for your company and its assets. It is worth protecting.


This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
