We’ve all seen the news and watched in horror as war has once again, come to Europe. We don’t know what will happen in Ukraine, but every indication is that this will not end quickly, and unfortunately, it could get worse before it gets better. As Americans, as business owners, and especially those in the defense sector, we must assume that cyber threats will only increase. We’re already seeing indications of increased cyber threat activity. Smart companies will develop a game plan for all out cyber war as Russia does not appear to be willing to take any option off the table.
Here are some thoughts on impacts to your business:
Just two short years ago, we faced significant challenges as business owners when COVID-19 shut down much of the world. With those challenges in mind, every CEO needs think through what may happen over the next week, month and year. There are preparations that must be made today, while simultaneously gaming out the potential medium- and long-term challenges we may encounter.
Cyber is the obvious topic here and we have more on that below. But what else might impact your business operations? How would a disruption to your supply chain impact it? How about a loss of critical infrastructure such as power or internet? Its well worth the tabletop exercise to think about the implications. I would also recommend thinking through how these events could impact your clients and your vendors. In 2020, restaurants shuttering not only cost us many fine watering holes, it also caused many IT service firms that focused on the industry to also shut down.
Anticipating possible scenarios doesn’t have to be doom and gloom. Events produce both risks and opportunities. Will your clients have a flood of new business in certain situations? Perhaps a client who supports relief operations will be mobilizing to help refugees. Maybe your client is a logistics firm that supports military airlift capabilities; how will you respond to help them seize that opportunity?
Dwight Eisenhower famously once said, “Plans are worthless, but planning is everything.” I try to emphasize this with my team, preaching that the process of thinking through scenarios gives you the ability to respond faster, as well as to better understand secondary and tertiary impacts of events and the decisions you make.
Consider for a moment how critical technology is to your business: Your financial systems that track how much money you have (and who owes you); the ERP system that is the heartbeat of your operations. Even the simple ability to communicate through e-mail, voice and chat is driven by technology. On a good day, these systems all are potential targets for attack; with the threat of retaliatory cyberattacks, you need to protect what’s yours. In addition, every company deals with multiple vendors, many of which have some access to your data and your operational viability.
The SolarWinds attack in so many ways illustrate why Zero Trust is at the center of every cybersecurity strategy. A trusted vendor with a good reputation in the industry was compromised, which not only damaged their systems, but enabled access to of its clients. A Zero Trust strategy gives you a fighting chance to detect anomalies in a trusted, yet compromised system.
Even if you think you are fully invested in cybersecurity, now is the time to validate that those systems are working and look for options to increase that security. Using MFA? Great. Now is the time to consider conditional access. Using antivirus? Great, now is the time to deploy next-gen antivirus, also know as Event Detection and Response (EDR). If there was ever a time to add that next level of security, its now.
It’s not enough to have a firewall, or strong passwords. Companies now must actively manage their environments and monitor their systems in a way so that a variety of security solutions act in concert. Only a layered, overlapping approach to defense provides you with sufficient protection: if there is a breach of one system, it is discovered by another.
If you’ve made even modest investments in cybersecurity, adding capability shouldn’t break the bank. There are plenty of strategies to add incremental capability that will have a multiplier effect on your security posture.
This may not be revolutionary advice, but its both relevant and smart, especially in today’s world. We all have a responsibility to protect the business that we worked so hard to create. In our case at C3, we also believe we have a vital role to help you secure your business. Sometimes that’s a casual conversation about risks and options. Sometimes it’s a comprehensive effort to achieve technological and cyber maturity. Wherever you want to start, we’re ready to help. Contact us at firstname.lastname@example.org to get the conversation started.