4 Questions Mid-market Companies Should Ask Themselves About Data Protection
4 Questions Mid-market Companies Should Ask Themselves About Data Protection
When the working world went remote due to the COVID-19 pandemic, many never returned to the office. This created new data-security challenges for many businesses, with an increasing amount of sensitive data now being stowed in the cloud, and workers continuing to access company data from off-site locations.
How safe is cloud security, which now often relies on “zero trust” security principles based on a user’s location rather than user credentials? While some worry that cloud security is less reliable than on-premise security, that’s not actually the case, particularly for mid-market businesses. The fact is that your data is actually more secure in a remote data center managed by security experts than by your in-house IT team.
You may feel a false sense of security by having your IT department guard your servers in a closet — but this strategy is extremely risky when it comes to data protection. It’s not standard for mid-market IT departments to possess expert skills in cloud security and data security, which are needed to properly safeguard data. Many mid-market companies, particularly those not in highly regulated industries, do not currently have Security Operations Centers.
To read more, please fill out the form below:
4 Questions Mid-market Companies Should Ask Themselves About Data Protection
4 Questions Mid-market Companies Should Ask Themselves About Data Protection
When the working world went remote due to the COVID-19 pandemic, many never returned to the office. This created new data-security challenges for many businesses, with an increasing amount of sensitive data now being stowed in the cloud, and workers continuing to access company data from off-site locations.
How safe is cloud security, which now often relies on “zero trust” security principles based on a user’s location rather than user credentials? While some worry that cloud security is less reliable than on-premise security, that’s not actually the case, particularly for mid-market businesses. The fact is that your data is actually more secure in a remote data center managed by security experts than by your in-house IT team.
You may feel a false sense of security by having your IT department guard your servers in a closet — but this strategy is extremely risky when it comes to data protection. It’s not standard for mid-market IT departments to possess expert skills in cloud security and data security, which are needed to properly safeguard data. Many mid-market companies, particularly those not in highly regulated industries, do not currently have Security Operations Centers.
What’s more, it came to light at the end of 2021 that cyber-insurance renewals are becoming at times prohibitively expensive for all industries due to the exponential increase in cyber-attacks seen last year. The only way for mid-market companies in all industries to lower cyber-insurance premiums and ensure coverage is to implement enhanced data security measures.
Since data protection has become the most prevalent challenge in the cybersecurity market, it’s no surprise to see that according to Insights for Professionals, data protection is the main focus in 2022 for 85 percent of businesses surveyed; 37 percent plan to invest up to $500,000 on data protection in 2022, and 31 percent plan to invest more than $500,000 on data protection over the next 18 months. McKinsey also reports that 85 percent of midsize enterprises plan to boost their IT security spend until 2023.
All-Time High Cybercrime
Still, it would be misleading to imply that cloud security comes with no challenges. One of the biggest ongoing concerns are ransomware attacks, which increased over 105 percent in 2021. Cybercriminals continue to attain new levels of sophistication, with payment demands skyrocketing into tens of millions of dollars. According to McKinsey, the costs related to cybercrime will continue to ascend in the coming years, with a 15 percent yearly increase leading to cybercrime costs reaching $10.5 trillion a year in 2025. Looking ahead over the next decade, by 2031, Cybersecurity Ventures estimates ransomware costs alone should reach $265 billion.
McKinsey reports that there are multiple motivations for these attacks, headed by the fact that pandemic-weary companies have become ripe for security vulnerabilities. Also, as advancing digitization continues to drive connectivity and employees now log in from anywhere — including unsecured home networks — it makes life easier for ransomware hackers. The traditional smash and grab approach is now being replaced with bad actors “dwelling” undetected within victims’ environments, which gives cybercriminals the lay of the land in understanding where the highest value information resides before selling it to the highest bidder.
Another motivation for the continued attacks is their success: as more companies are forced to pay ransoms, hackers are further incentivized to build on their well-paid victories and continue innovating on this lucrative threat. Specific sectors are particularly at risk; keep in mind that in the U.S., supply-chain attacks rose 42 percent in Q1 of 2021, victimizing as many as 7 million people, while McKinsey shared that “security threats against industrial control systems and operational technology more than tripled in 2020.” The war in Ukraine has taught us lessons about attacks compromising infrastructure, utilities and government that can debilitate nations and be weaponized.
Paying Up
These massive numbers can seem overwhelming, and can also make it difficult to tell how much a ransomware attack can affect an individual company. To give you some perspective, consider these stats:
- NPR reported that Colonial Pipeline paid a $4.4 million ransom after the company shut down operations.
- CNBC reported that global meat producer JBS paid ransomware hackers $11 million.
- Insider reported that global insurance provider CNA Financial forked over a reported mind-blowing $40 million post-cyber-attack.
- The Washington Post reported that a ransomware attack on U.S. software provider Kaseya targeted the firm’s remote-computer-management tool and endangered up to 2,000 companies globally.
These costs are also just the tip of the iceberg for the companies victimized by ransomware hackers. Additional costs of such an attack include everything from paying third parties (like legal, PR, and negotiation firms), not to mention the opportunity costs of having executives, staff, and teams disconnected from their day-to-day roles for weeks or months to deal with the attack’s aftermath. Perhaps the biggest unaccounted-for expense is the resulting lost revenue.
Ask These 4 Questions
What can mid-market companies do in the face of these threats to their data’s safety? They should focus on strategies that address ransomware prevention, preparation, response, and recovery. Since this is an ongoing journey, threats continue to evolve and improve — so it’s critical to keep up to date with new threats of increasing sophistication, while being ready with cybersecurity strategies and best practices. The goal is to continue to build cyber maturity that creates a resilient approach. You may not be able to stop attacks from occurring, but when they do, they won’t have the same impact if you’ve prepared in this way.
As a starting point, these are four questions that every mid-market company should ask itself to determine the organization’s readiness for data defense:
- When it comes to our people, do we have security focused IT leadership, trained cloud security experts, and data security experts?
- When it comes to our process, do we have defined IT security processes for proactively managing the security posture of our environments?
- When it comes to our technology, are we 100 percent confident in our security tech and our ability to actively monitor and detect threats around the clock?
- When it comes to our cloud architecture, are we confident that it allows for scalability without sacrificing security assurances?
If the answer is “no” or “I don’t know” to any of these questions, it is time to get your house in order — you are at risk. To stay alive, compete, and drive value, mid-market companies should shift their focus to data analytics, data management, security, and compliance. This requires a cloud-based data center, a cloud-native data management platform, and cloud-native analytics. Ensuring the right infrastructure to maximize the capabilities of data centers — and how they are able to manage and store data — is crucial to effective mid-market digital transformation.
The Key to Data-Driven Success for Mid-market Companies Starts Here
The Key to Data-Driven Success for Mid-Market Companies Starts Here
What’s the #1 pain point for IT professionals? According to the business knowledge resource Insights for Professionals, it’s data center management. With this reality in mind, the foundation of digital transformation success for a data-driven business must begin at the data center level, where servers store your data, CPUs power your computations, and your systems are ideally kept stable, operational, and secure for all users, including those accessing company systems and data from multiple remote locations. Competitive mid-market companies rely on data center engineers who specialize in uptime by proactively preventing downtime, as well as connectivity, storage, security, and monitoring.
Effectively managing data to support accessibility and security requires consistent monitoring and up-to-date solutions. Yet the latest research shows that investing in on-premise infrastructure for data management, compliance, and analytics is too pricey for most mid-market companies — and from the view of many IT directors, on-premise solutions have already morphed into old relics. In 2022, Insights for Professionals reported that nearly two-thirds (63 percent) of senior IT leaders and company executives aren’t planning to attempt to maintain servers on-premise. Instead, the majority of leaders surveyed plan to invest in cloud infrastructure as a service.
Moving into the Future
In short, entire businesses are migrating to the cloud, not just the technology. The infinite growth of data, applications, connections, and workloads will only further exacerbate businesses’ ability to adapt to new lines of business applications and platforms, meet security and governance requirements, and seamlessly orchestrate and analyze data for business outcomes. As a result, a growing number of mid-market companies are recognizing the value of working with partners to transition storage, computing, backup, and hosting services to cloud-based platforms to leverage the scale and compute power they can provide.
Gartner reports that by 2025, the vast majority — 85 percent — of enterprises will have already shifted over to a cloud-first approach. How did this changing of the guard occur so quickly? According to Gartner, it can be traced in part to the COVID-19 pandemic, which has accelerated cloud adoption since 2020, ushering it in as the “de facto new normal.” Gartner analysts including Gregor Petri even go so far as to state that “enterprise architecture and technology leaders should reject any new product that does not follow ‘cloud first’ as a guiding principle.”
Mid-Market Essentials
There are solid reasons behind mid-market businesses moving their data out of on-premise environments, particularly due to the efficiencies obtained from cloud-based business applications in multi-cloud and hybrid environments. This brings us back to data center vendors, who must then be ready to absorb the responsibility and cost of infrastructure capital expenses and maintenance — and it looks like many are already prepared to do so. In 2022 alone, nearly one-third (32 percent) of those surveyed by Insights for Professionals were planning to invest heavily in cloud management, to the tune of $500,000, while nearly 30 percent plan to spend even more. The largest part of this cloud management investment is being channeled toward security, with enterprises intending to spend 82 percent of this budget on data protection.
This is not a passing trend and is expected to have long-term consequences for purchase decisions in mid-market companies. By 2023, as scalability and cohesive cloud ecosystems join the ranks among the top three buying considerations for IT, Gartner anticipates that cloud architects will become key stakeholders when choosing tools for analytics and business intelligence. Here’s another surprising statistic to show the direction we’re heading in: while hyper-scale cloud providers (hyper-scalers) delivered and managed less than 1 percent of installed edge computing platforms in 2020, Gartner predicts this number to balloon to 20 percent by the end of 2023.
Different Needs for Mid-Market Players
There’s a catch, though, about hyper-scalers: most are not built for the mid-market. Therefore, mid-market companies won’t be able to reap the maximum benefit from the ability of traditional hyper-scale cloud providers to bring global business solutions, outsourcing, and consulting capabilities that can help other types of organizations migrate to, adopt, and build cloud-native offerings. It’s true that traditional hyper-scalers excel in leveraging the expertise of their cloud professionals to consult for platform re-architecture, application development, data migration, and transitioning services from technology stacks into macro- and microservices hosted in a data center on-premise, private cloud, public cloud (or any multi-cloud or hybrid combination thereof) — but not generally for mid-market companies.
Let’s drill down into some specific problems for mid-market players around hyper-scale cloud providers:
- It can be cost-prohibitive to obtain the level of help that most mid-market companies require, since most hyper-scalers are priced for large enterprises. Mid-market companies tend to need “white glove” services, which carry the highest price tag.
- Greater needs. Enterprises are more likely to already have in-house teams with the necessary skillsets to work with traditional hyper-scalers, compared to mid-market businesses that often have higher needs for expert help.
- No data analytics. While many enterprise hyper-scalers help migrate data to third-party cloud vendor platforms, their services end there, as they don’t offer data analytics.
Mid-market companies need technical experts to help build solutions on a mid-market budget — specifically, they require a hyper-scaler capable of providing an end-to-end solution focused on the mid-market sector. The goal in evaluating potential solutions providers should be for the cloud foundation to operate seamlessly with end-to-end data management and analytics solutions. With an end-to-end solution, mid-market businesses have the opportunity to obtain the results they desire without wasting time on a “Frankenstein” approach, assembling parts and pieces of multiple technologies and tools in an attempt to construct a reliable system that actually works. It’s only by going the end-to-end route that mid-market companies can receive the greater level of assistance they need on the technology front, as well as benefit from the robust data and analytics skillsets necessary to achieve meaningful business outcomes, without paying enterprise prices.
Ransomware Attacks Now Target Community Businesses
If you think that your business will not be a target for ransomware attackers, think again. This is no longer a problem only for large enterprises—now, ransomware attacks target community businesses as well.
The Battle Creek, Michigan community woke up to a May Day attack that forced its Kellogg Community College (KCC) to close all operations. In the middle of preparations for final exams, all five campuses serving approximately 6900 students closed and all operations came to a screaming halt.
The community college posted alerts on its website and social media:
Eric Greene, the Vice President for Strategy, Relations, and Communications at KCC said: “We are still working to understand the full extent of this incident, but as soon as we became aware of it, we immediately assembled a multi-disciplinary team and engaged independent legal counsel and external forensic experts.”
Greene continued, “KCC had backups in place, and we are working systematically with our IT experts to restore our operations.” But even though KCC had backups, “As a precautionary measure, all campuses have been disconnected and our systems will remain offline until they are deemed secure by our IT experts. As a result, our students and staff might experience delays accessing our services, including campus emails, online classes, and resources,” Greene said.
Back-ups alone are not sufficient to prevent business disruption when a ransomware attack hits. Preventing the attack, rather than having to respond to it, is key. KCC remained closed for three days while IT scrambled. All computer access to university systems had to be shut down in an attempt to stop further damage. The response and mitigation included a forced password reset for all students, faculty and staff, and adding multi-factor authentication (MFA) for all users.
Enable Multi-factor Authentication
MFA is an important security measure when people access systems remotely. It provides an extra level of verification to make sure that the user attempting to access the system is really an authorized user and not a bad actor trying to get in. Modern business regularly includes employees logging in from home, travel and mobile devices to access data and systems from their organization. As such, the old firewall security perimeter around your place of business does not protect you. Modern security requires focus on users and access. MFA is something that is easy to add to your security stack. The protection benefit from MFA far outweighs the resource cost of installing and using the technology. Really, there is no excuse for not having MFA in today’s threat landscape. It is standard.
So if you do nothing else this year to improve your security posture, add MFA. But considering that community businesses are becoming targets for cybercrimes, unless you can afford a complete shut-down of your business, it is becoming a must to have modern security technologies (including robust monitoring so that you are equipped to prevent attacks and are better positioned to respond and mitigate), in addition to back-up and disaster recovery plans.
Shift Applications to the Cloud
Mid-market businesses are shifting security and data center responsibilities from on premise servers and security maintained by their IT department, to partnering with cloud experts who run data centers, keeping client systems stable and secure as their full time business. The trend with line of business applications used by your team for daily operations is cloud. As more and more community businesses use cloud based apps for functions like accounting, customer portals, ERP, CRM and HR, having cloud experts with the tools and the skills to be able to secure your organization’s data (from multiple sources) for safe use by remote users makes more sense than trying to build a security fortress yourself at your place of business.
Partner with Experts
If cybersecurity is not your main line of business, partner with security experts unless you want cybersecurity to become your main line of business. It will consume your resources to stay current with emerging threats, protective means, 24/7/365 monitoring, best practices and constantly evolving security measures. The ever increasing sophistication and volume of attacks has shifted the answer to the “buy it or build it” question for this critical business service from the solution being your in-house IT department to the solution requiring managed security services to supplement your in-house IT team.
Don’t become the next ransomware attack headline. Community businesses can take steps to avoid ransomware attacks. An ounce of prevention, after all, is less costly than the cost of operational shut-down, PR scramble, customer service disruption, brand reputation tarnishment, and emergency security consultant fees paid when you are in the middle of an attack that succeeded.
Managed Services is an IT Workforce Multiplier for Paulding Putnam Electric Cooperative (PPEC)
Managed Services is an IT Workforce Multiplier for Paulding Putnam Electric Cooperative (PPEC)
Aunalytics Brings Professional IT Infrastructure Services Team
to Support Operations Throughout Electric Utility
Fill out the form below to receive the case study.
Aunalytics is a data platform company. We deliver insights as a service to answer your most important IT and business questions.
Aunalytics Ohio Defends EMI Against External IT Threats with On-Demand IT and Data Recovery Services
Aunalytics Ohio Defends EMI Against External IT Threats with On-Demand IT and Data Recovery Services
Leading Commercial Landscaping Operator Finds Managed Services to be the Panacea for Emergency IT Challenges, Including Lightning Strikes and Ransomware Attacks.
