Recovering in a flash: Cyber security for small business owners in a post-pandemic world

Post-pandemic cyber security for small and midsize businesses and technology enterprises is now more of a threat than ever. The rise of remote working has left many firms more vulnerable to attacks, while data breaches have become both more costly and potentially more disruptive.

This article investigates why cyber threats and security breaches have become more challenging and more expensive to monitor and why traditional security solutions do not always work. It goes on to look at how tech-based small businesses can respond by securing sensitive data while also being able to scale operations in line with growth. Finally, it looks at how IBM's flash storage solutions and associated cyber security services can help by evaluating existing operational cyber resilience and offering comprehensive, flexible solutions to suit the smallest budget across various industry verticals.

Data breach costs have hit record levels

An IBM-sponsored research study based on an analysis of 537 real-world data breaches shows that the average cost of a breach in 2021 rose to $4.24 million, from $3.86 million in 2020. The rapid shift to remote working during the pandemic has been a significant driver of this increase, with the average cost of a data breach being over $1 million higher in firms where remote working becomes a factor due to shifting network security practices.[1]

Compromised credentials were the most common root cause of data breaches, responsible for 20% of the total. At the same time, customers' sensitive data – including name, email, and password – was the most common valuable target exposed in such cyber-attacks, at 44% of the total. Even worse, the study shows that the average time to identify and contain a data breach was 287 days – or around ten months!

While lost business represented 38% of the overall average cost of data breaches, the reputational risk has also been tremendous. As Ian Shave, IBM's Worldwide Director of Distributed Storage Sales, points out in a recent interview , one supermarket chain's online operations went down for almost five days, leading not just to loss of business, but also significant reputational damage because "every time cybersecurity risk incidents happen, it's all over social media in a flash."

The latter is not just a risk for large enterprises. According to international specialist insurer Hiscox, 23% of small businesses have suffered a cyber-attack in the last 12 months, with one in six firms surveyed saying the attack had threatened their survival. Ransomware attacks are becoming a bigger problem than ever, affecting one in six firms in the Hiscox survey, over half of whom (58%) paid the ransom. The study reveals that 63% of a small business workforce is now working remotely, while 53% of small businesses in the US believe they are now more vulnerable to cyber-attacks than previous years. [2] ?

Small businesses within specific industries also appear to be more vulnerable than others. The average total cost of data breaches for healthcare companies was a staggering $9.23 million in 2021 – the highest by far of any industry. Financial services rank second, with an average cost of $5.72 million, while the average for the retail sector was $3.27 million – two and a half times higher than the average for 2020.

The risks are real and increasing daily for small tech businesses in healthcare, financial services, insurance, and eCommerce. Not surprisingly, firms have responded by increasing their investment in advanced security protocols, including antivirus software, network security, and security infrastructure. They also limit employee access to sensitive data through password-protected access and multi-factor authentication. According to Hiscox, the average firm now devotes more than 21% of its overall IT spend to advanced cyber security – an increase of 63%. Yet, despite this increase, some key questions remain. Are companies spending on the proper protections and focusing on the right areas?

Emerging tech businesses need to build their operational resilience

According to Ian Shave, IBM's high-profile customers are getting attacked multiple times per week – in some cases almost daily. "Unfortunately, you can't stop everything. These cyber attackers have been very clever, and they'll copy people's user credentials, and they'll figure out ways to log in, even if it seems very secure," he says.

The key to successfully dealing with a cyber attack is to focus on resilience. With ransomware now emerging as a rising threat, this means looking at how to minimize the disruption of a successful cyber-attack and recover digital assets quickly and safely. The solution to this challenge can be found in flash storage .

How flash storage speeds recovery and reduces costs

Flash storage is a solid-state technology that uses flash memory chips for writing and storing valuable data. Flash storage can achieve swift response times (microsecond latency) compared to hard drives with moving components. It is highly available and uses less energy and physical space than mechanical disk storage. As a result, it has the potential to be the most cost-effective data storage solution for a small business while also offering world-class operational cyber resilience.

Today, flash memory is in everything from mobile devices and digital cameras to vehicles. For large enterprises, the speed and density of flash have made it the storage technology of choice, and it has primarily displaced hard disks in data centres.

When speaking to clients who have experienced data breaches, the first thing attackers tend to target is a company's backup data. Therefore, it's essential to have a solution that creates immutable and isolated copies of mission-critical data.

IBM's 'cyber vault' solution builds on flash storage capacity can create those immutable copies. In the unfortunate event of a successful cyber-attack, those immutable copies are already there, and a firm using such a solution only needs to recover the copy kept in a safe and isolated environment. Such an environment is supported by testing and validation capabilities which allow the easy recovery of the data into a production state.

This process allows IBM's clients to cut the time for recovery from an industry average of 23 days down to an average of three hours. The latter significantly reduces the disruption of any attacks, minimizes the business cost, and almost entirely eliminates any reputational risk, as clients are nearly not impacted.

For companies that want an end-to-end solution, IBM's flash storage solutions also integrate with other cyber threat prevention services that automatically detect data breaches. The latter also cuts the recovery time because the faster a firm can detect a breach, the more they can mitigate the potential disruption and the faster they can recover.

Flexibility is key

Martin Bruce is IBM's FlashSystem Sales Leader for EMEA. Martin shares that the key to providing successful storage solutions that evaluate operational resilience and promote cyber risk prevention is to assess a client's genuine challenges and needs and then build a solution to fit them. Whether a small tech firm is in the insurance, financial services, healthcare, or eCommerce space, the storage solutions are industry agnostic and likely fit its needs.

"Everyone needs their storage to be on all the time and available now, and I think that, as the press shows, every industry is exposed to the same security concerns. It can be a hospital today, and it can be a supermarket tomorrow, it can be a financial services company the next day," Martin says.

The key is to offer a range of flexible solutions that companies can tailor to their specific security, scalability, and compliance requirements. This flexibility of approach has led to many successful client implementations. For example, fast-growing healthcare provider Group Bastide deployed IBM FlashSystem? 5000 storage arrays which, by asynchronously replicating data between two sites, protect against data loss in the event of a disaster or data breach.[3]

Similarly, insurance firm W&W-Group wanted to recover quickly in the unlikely event of an IT disaster. As a result, it deployed a highly-available backup solution based on IBM Storage systems and IBM? Spectrum? technology.[4] At the same time, the UK's Coventry Building Society chose to deploy IBM's FlashSystem arrays to optimize service quality and build innovative customer experiences.[5]

Scalable enterprise-level flash storage to suit all budgets

Martin and Ian both recognize that small business owners may not be as familiar with flash storage technology as their enterprise peers and that they might assume the cost is too much for them to bear. However, as Martin says, "IBM's flash storage solutions start at around ￡30,000 or €33,000 for 25 terabytes of exceptionally high-performance flash storage – and that's with the operational cyber resiliency features all in and working." You can find out more by reviewing our discussion here.

With high-performance, scalable storage, immutable data back-ups, increased efficiency, and lower costs, IBM flash storage solutions are adaptable, modular, and resilient. The latter means that they can offer the same functionality as enterprise solutions while being priced to account for lower volumes of data.

Recover from cyber threats in a flash

When it comes to cyber security and cyber resilience, there is no more cost-effective solution on the market today for tech entrepreneurs, and small and midsize businesses that need help to reap the rewards data offers with agile, low-cost, scalable, cloud-ready and secure storage that can be configured to every business needs at an affordable price.

To find out more about how IBM Storage Solutions and IBM FlashSystem can support your cyber security and storage needs – and help you recover in hours rather than weeks – click here and follow the hashtag #resilientwithIBMFlash

Looking forward to receiving your comments and views on how technology can help you become operationally more resilient.

About Ian Shave, IBM WW Director, Systems Storage, Distributed Storage Sales

A leader in the IT industry, Ian is known for providing market insights and developing business strategies that lead to successful businesses across geographies. These insights drive client business efficiency and highlight how digital transformation can drive business growth, increase profitability and maximize value from IT.

About Martin Bruce: IBM EMEA, Flash Storage Sales leader

With more than 20 years of experience in hardware technology, Martin is currently leading the IBM EMEA FlashSystem Sales team, helping clients and their IBM business partners master the challenges and exploit the benefits of a hybrid multi-cloud world.?

?

Sources:

[1] https://www.ibm.com/downloads/cas/OJDVQGRY

[2] https://www.hiscoxgroup.com/sites/group/files/documents/2021-04/Hiscox%20Cyber%20Readiness%20Report%202021.pdf

[3] https://www.ibm.com/case-studies/groupe-bastide-healthcare-power-sap

[4] https://www.ibm.com/case-studies/ww-group

[5] https://www.ibm.com/case-studies/coventry-building-society-systems-storage

?