When Elon Musk asserted that we’re already cyborgs (by virtue of our connections to –and reliance upon—smartphones and computers), his comments sparked a heated debate. We won’t delve into those unsettled arguments here, but they’re probably best explained somewhere in the vein of depending on what your definition of ‘is’ is.
But when we talk about cyber resilience, there’s no debate about whether we need to acknowledge both human and machine (software and hardware) vulnerabilities and how to shore them up.
In a nutshell, cybercrooks are as adept—more adept at the present, most would say—at exploiting people as they are at exploiting systems. They’re getting smarter in their attacks and are even aided by artificial intelligence (AI) in their pursuits of data, ransoms, activist revenge and overall chaos.
For these reasons, among others, fully developed cyber resilience strategies incorporate two vital elements in the battle against cybercrooks—security awareness training and cutting-edge threat intelligence. And since 2022 is coming on the heels of another record year for cybercrime, it’s clear that your clients need them both now more than ever. That’s because:
- The numbers are staggering. Perhaps the volume of attacks shouldn’t be surprising. Thanks to ransomware-as-a-service, both established crime rings and entrepreneurially minded crooks can become cybercriminals overnight. An up-and-coming criminal doesn’t even have to be an experienced hacker to get in on the game. Live chat operators are standing by around the clock anytime a user has a tough time with his extortion attempts. (Five-star reviews optional.) Still, when the DOJ announced that the volume of daily ransomware attacks is more than 4,000, the sheer scale of the risk to companies large and small brought into focus just how widespread cybercrime has become. Since phishing exploits humans as a leading vector of attack, equipping your clients with cybersecurity awareness training can go a long way toward protecting them from these ever-expanding threats. And with proper training, they’ll become much savvier about exploits in the world around them to boot.
- Our new way of working makes it worse. It’s no secret that bad actors greedily exploited the business world’s overnight rush to enable work-from-home business models. Those band-aid-and-bailing networks of poorly maintained and under-secured home connections and devices created a booming opportunity for crooks. Nonetheless, how that they’re in place, those models aren’t going anywhere soon. In fact, risks are higher because the workforce is going everywhere. Everyone needs to up their cyber resilience game, including (and in most SMB cases, especially) your clients.
- Threat intelligence is a human backstop, too. Adaptive, instantly updated AI-powered threat intelligence is vital in the war between good code and bad. But it also powers tools that deliver additional layers of defense ]for employees — phishing protection, endpoint security, etc.
Opening Discussions With Clients
Many of your prospects and customers haven’t yet made the leap to a complete cyber resilience posture. That’s especially the case with SMBs, many of which waver between conflicting misconceptions about the efficacy of the antivirus software they picked up in the checkout line at Best Buy and the mistaken belief that the tools they can afford won’t stack up to the threat in any case.
Many of the decision-making personalities in these roles respond well to simplification. An approach that may bear fruit is boiling down the complexities of cyber resilience into a simple, two-pronged proposition. This is done by making their people more formidable on one front and overlaying many points of vulnerability with threat intelligence on the other.