As promised in our December newsletter, I wanted to provide everyone a little more depth regarding the 2021 year-in-review and share some of my opinions regarding IT and IT trends to watch in 2022. As I began writing, I quickly realized those needed to be two separate editions, as each was worthy of it’s own focus. Therefore, this blog post will focus on the 2021 year-in-review – I’ll follow with a separate 2022 look ahead – and each should only require five minutes of your time.
Unfortunately, the IT security landscape got more dangerous in 2021, not less, and small businesses of under 50 employees are increasingly the target. However, only 53% of small business place a high priority on cybersecurity. The good news is that by working with Suite3, you can be counted among that 53%.
As recently as less than ten years ago, many felt they just had to buy a firewall, install antivirus software, and run Windows updates once in a while, and they were good to go. That, however, barely scratches the surface given modern small business IT security threats. What started as patch management has expanded to vulnerability management, and that has a much greater scope as evidenced of multiple, news-worthy vulnerabilities throughout the year.
High profile vulnerabilities that affect businesses of all sizes world-wide in 2021 included a Microsoft Exchange Server Zero-Day Exploit in early March, followed by “PrintNightmare” in late June, “HiveNightmare/SeriousSAM” in July, and most recently “Log4j” in December.
To help clients make sense of understanding a “vulnerability” from an “exploit” from a “zero-day”, we focused on educating folks so a common understanding of these critical terms was achieved. In addition, we tried to explain why vulnerabilities exist and how the key to IT security is to master addressing what is under your control.
From an impact perspective, small businesses saw a 33% increase in ransomware payments in the first half of 2021, and ransomware is only one of four common Quadruple Extortion Tactics seen in most security events.
To make matters worse, the cure could often feel worse than the disease. Multiple times in 2021, patches and updates were rushed to solve a security vulnerability, and ended up causing widespread issues and errors. One example was when Windows 10 Cumulative Updates caused widespread printing issues back in March. In addition, the adoption of new and powerful security solutions could lead to unintended consequences for users used to being able to do things like install software on-the-fly.
Suite3’s security approach has matured over the years to meet these rising challenges. In fact, we shared back in April how Suite3 helps our clients adhere to NIST standards whether they realize we are or not, and followed in June with the ways Suite3 helps to prevent ransomware.
However, as we instruct in our Security Awareness Training series, should all else fail, the last approach needed to be prepared for a potential cyber security is to be sure to have a stand-alone cyber insurance policy. To help clients with this process, we provided a couple of key questions to ask your agent to be sure your cyber insurance will cover you when you need it. However, with payouts becoming more common, insurance companies are trying to stop the bleeding and are now requiring certain baseline security solutions be in place prior to offering or renewing cyber liability policies. Most common among the security approaches required is enabling multi-factor authentication on anything that will accommodate it’s use. However, if a client is fully implemented with all Suite3 security solutions and recommended approaches, we’ve found clients have no issue with obtaining the insurance they require.
And that was 2021 in review. With all of the challenges faced, we end the year in a better position than we entered. Clients are more secure, more educated, and in a better position to defend against IT security threats than they were at this time last year. Next, we’ll focus on looking ahead and plan for 2022 to continue forward, keeping our clients as safe as possible to deliver on their mission and get business done.
Dave DelVecchio – President – Suite3