We believe that a good IT system can be key to enabling our customers to succeed as a business. The "interesting" parts of IT are all about enabling that success.
However, as I write in November 2022, I reflect that over the last few years we have seen an explosion in security threats affecting our customers, and businesses as a whole. A decade ago attacks only affected small business such as our customers a few times a year. So long as customers had good antivirus, firewalls and backups, most of our customers were well protected.
In recent years, cyber-attacks have become much more widespread, and now affect small companies as well as large ones.
Some examples of common attacks happening every day against our customers include:
Login attempts using passwords harvested from the dark web
“Phishing” attacks via e-mail, either to get usernames and passwords, or to steal money
Attempts to install malware to capture your information, or your customer information
“Ransomware” attacks aim to make your systems unusable unless you pay a ransom
Attempting to use your systems to launch an attack on your customers
Attacks on your data in the cloud
We wish we could say these attacks would reduce, or that there was a piece of technology we could put, in place to guarantee to protect you. Unfortunately that is not possible. There is no silver bullet. There is still the need for layers of security.
2 sides of the same coin - better systems enable business success, and increase risks
Cyber-security has, unfortunately, become a battle to protect businesses from the many attacks that they may be susceptible to. It is the natural evolution - with the massive explosion of cloud systems that help businesses to succeed and do things that weren't possible 10-20 years ago, that there has been a corresponding growth in security vulnerabilities in those systems, and growth in people trying to exploit those vulnerabilities for their own gain.
In the same way that cloud systems have enabled small businesses to have fantastic tools previously reserved for larger businesses, their has been similar growth in tools for hackers!
The attacks have become industrialised. Whereas in the past attacks would mainly be either a highly skilled hacker targeting a specific company, or a virus that could propagate easily through computers that weren't well protected, but if it became successful, it would also soon become detected before too many people got affected.
Now the tools and data are to perform attacks are easy to use, and available to many more people who want to be potential criminals - be it on a large or small scale.
Keeping secure, whilst not blocking success
There is a delicate balance between protection and enabling success – sending e-mails, transferring files, and using systems to collaborate with your customers and suppliers is critical for many of our customers to succeed. Even with all the new systems, e-mail is often still a key communication mechanism.
However sometimes it is very difficult – for humans and systems - to tell the difference between a legitimate e-mail and an attacker e-mail.
We aim to put in appropriate systems, at reasonable prices. The artificial intelligence in those systems can do a very good job at protecting you from attacks, however, sometimes they get it wrong. As a result, sometimes your customers or suppliers may inadvertently block messages that you send to them. And sometimes systems we have put in place to protect you, will accidentally block a valid message.
Therefore we have found we actually spend considerable time helping our customers to get their valid messages through. Even if 99% of "real" messages get through, if just a few "valid messages" that should have got through, are being blocked, they can have a significant effect. This can occur either you sending messages, or receiving messages from your suppliers and customers.
Therefore as well as helping customers stay secure, increasingly we find that our team spending significant amounts of time help customers to track down why some valid messages are failing to be successfully sent or received.
Protecting our customers
What we are doing, is being prepared and adding further layers of security to protect our customers. Unfortunately, these additional layers all take time and money to maintain and police.
All our customers have now had our "core security" baseline and protections applied. Many customers wish that this "makes them completely secure". Unfortunately that is not the case - it does reduce the risk, and protect the company.
Over the next year we are already seeing the need for customers to consider cloud, endpoint protection systems, and security awareness training that we will need to recommend over the coming months and years.
We do our best to ensure the solutions we propose are proportionate to the risks to your business. This may also be shaped by your insurers, as there will be a constant evolution of what risk you are prepared to take, and what an insurer is prepared to cover.
We now have dedicated teams regularly reviewing these security systems, such as e-mail security, anti-virus, and backups, to check that the protection is working as intended, ensuring we can respond when necessary, and to be constantly evolving your protection as the threats and systems evolve. The time and cost involved in providing this level of attention is increasing every year.
However, it is not just us and our customers - it is the same for every business that wants to succeed. However the good news is that on balance, although the increased time and expense of staying secure is frustrating, the capabilities enabled by the modern workplace of the latest cloud, on-premise, and mobile systems enable businesses to succeed in way that wasn't possible in the past. The technology enables your colleagues to achieve great things.
Therefore we will continue to focus on helping our customers to succeed, whilst ensuring the security is appropriate to minimise the risks. Ultimately, getting the balance right, should enable our customers to succeed profitably.