2019: Cyber to the People, Especially to Those in Professional Services Agencies
As 2018 comes to a close, we must look forward to next year. Why? Because cybercriminals looking to hack, steal and hold information for ransom are already working hard on their next generation of attacks – and unlike your company’s budget, they don’t need to wait until Q1 to get started.
This year, we saw more complex and large scale data breaches, crippling ransomware attacks on cities and businesses and nation-state attacks becoming all-too-common, not to mention chronic challenges for small and mid-sized businesses (SMBs) and mid-market companies in implementing cybersecurity tools relevant to their risk-levels.
In 2018, almost 60 percent of all malware attacks impacted small businesses, according to Verizon’s annual Data Breach Investigations Report. Yet, due to the lack of time, budget, knowledge and acumen, it is increasingly difficult for small and mid-sized businesses to effectively identify their company’s wants and needs. These sized companies simply cannot afford to invest in products or services that require lengthy installation and require significant external upkeep. At the same time,
each small and mid-sized business must ensure that their recurring investments also support cyber insurance, regulations and standards requirements.
So, as attackers continue to prioritize targeting smaller companies in the new year, how should the cybersecurity industry respond? We discuss this, and share some other thoughts about 2019, below:
The Democratization of Cybersecurity
Cyberattacks targeting small and mid-sized businesses are rapidly increasing in frequency and complexity, yet the vast majority of the cybersecurity industry continues to do nothing to help smaller companies. To date, the choice has been made by most companies to chase the fortunes that only enterprise-sized deals can provide, while leaving the most vulnerable businesses to fend for themselves. In 2019, this begins to stop, as cybersecurity vendors come to realize the following:
- Eventually, the industry will be held accountable when the aggregate of attacks on small businesses inevitably prompts economic peril.
- Plenty of opportunity exists for cybersecurity companies to maintain healthy profit margins, while also scaling their services to help those with fewer resources in need.
The democratization of technology has been occurring over the past decade in almost every industry but cybersecurity (see SaaS and CRM). This democratization of cybersecurity will be instrumental in creating a secure ecosystem of businesses, vendors, third-party suppliers and touchpoints all along the supply chain, making it more secure and much harder for cybercriminals and hackers to gain access to enterprise networks and their data. It will also foster a better working relationship among businesses as they will be able to assist each other in identifying and preventing attacks.
Professional Services Agencies Put Their Clients at Risk
Much of the cybersecurity conversation in 2018 focused on the threats posed by the supply chain, and how attackers now identify the most vulnerable partners as the attack vector to exploit their primary targets. While supply chain vulnerability concerns are warranted, the conversation fails to consider the partnerships that spur an even greater source of risk: the professional services agencies that brands of all sizes regularly rely upon.
Today, agencies retain sensitive customer data, marketing strategies, market and competitive research and much more – often for multiple clients. That means that agencies hold a treasure trove of data. In addition, most agencies rely on cloud services (Box, Dropbox, Office 365, Slack, G Suite, etc.) for business operations, productivity and efficiency. Because of limited IT resources, these agencies often don’t realize that these cloud apps are highly vulnerable to cyberattacks, even with the security protections inherent to each service.
Evidence and common sense suggest that professional services agencies, especially those in marketing communications, digital advertising, PR and insurance, are the next big target, especially as attackers continue to identify vulnerable third-parties to fulfill their objectives. That means agencies, including but not limited to PR firms, accounting firms, advertising agencies, staffing firms, actuaries and more must bolster their defenses before an attack occurs. Should even one attack be successful, it would tarnish client relationships, result in lost business, facilitate lawsuits, disrupt business continuity and even force an agency to close its doors for good.
Next year, professional services firms, along with SMBs, will need to implement, if they haven’t already, the tools that are available to defend themselves against the evolving threats in cybersecurity. Platforms, such as ours, can provide a complete suite of security – from hardening endpoints, to identifying and preventing users from joining risky networks, to blocking suspicious behavior and stopping malware spread – offering total data breach protection at an affordable cost.
In 2019, Coronet will champion “Cyber to the People” and work diligently along with our partners at Dropbox and Lenovo to bring enterprise-grade data breach protection to all companies that use the cloud.
Interested in getting a jump before the new year, join our platform risk free for 30 days.