Cybersecurity conversations – moving the dial from 'if' to 'when'

Specialist on how UK SMEs can avoid the 'Dracula moment' in cyber

By Mia Wallace

This article was produced in partnership with Hornetsecurity Group

Mia Wallace, of Insurance Business, sat down with Colin Wright, VP of Sales – EMEA at Hornetsecurity Group, to discuss the range of cybersecurity solutions currently available to SMEs.

Educating businesses on the cyber risk they face without veering into the arena of scaremongering is a delicate tightrope that all successful cybersecurity firms must walk. But when you read a survey like the one recently conducted by Hornetsecurity, which revealed that almost 24% of IT professionals say their organisation has been the victim of a ransomware attack, you realise the conversation needs to shift from “what if?” to “when”.

Speaking with Insurance Business, Colin Wright, VP of EMEA at Hornetsecurity, warned of the need for the right, solution-led conversations around cyber risk to prevent ‘cyber fatigue’. Businesses need to understand the breadth of the risk they’re facing, he said, and the twin myths that need to be busted are – firstly, that it won’t happen to you and secondly, that the threat actors you’re dealing with are anything less than sophisticated and highly organised.

High-profile attacks on multinational conglomerates may dominate the headlines, he said, but a small business being targeted will inevitably be impacted to a greater degree due to the lack of resources at their disposal.

“The average downtime that we see is 22 days. Now imagine being down for 22 days with no access to your data or your network,” he said. “What is the impact of that on your business?... And these guys out there on the dark web are buying millions and millions of email addresses and they’re just taking a shotgun approach, knowing that somebody somewhere is going to click. It’s just a matter of time.

“Training individuals to know what to look out for is so important and we bought a fantastic technology called IT-SEAL that does security phishing training. But if you don’t have anything in place, somebody is going to click, and I term that the ‘Dracula moment’. Because the only way a vampire can come in is if you invite them over the doorstep. And that’s the same with ransomware – it will come in because we as humans are inviting it into our businesses.”

From his perspective, Wright said, businesses are moving from a human pandemic into a rapidly evolving cyber epidemic – and it’s unsurprising given how reliant we all are on technology and our intangible assets, and how easy it is to get tripped up. A single letter in an email address is all it takes to fool somebody, and users simply don’t have the time to challenge every email.

Reports reveal that about 93% of ransomware threats come in via email, he said, but that’s not where the cybersecurity budget of many businesses is being directed. And because they’re not actively investing in such solutions, what a lot of businesses do not realise is that protecting yourself does not have to be expensive, but it is non-negotiable in a modern trading environment.

“I heard the other day at an event that 40% of companies, large and small, have no recovery plan from ransomware,” he said. “So, I would challenge everybody to look at that and think ‘what if?’ How will it impact your users, your business, your customers, your staff? Are you going to pay the ransom? Do you have cyber insurance?

“And cyber insurance is great but when you’re hit with ransomware, cyber insurance isn’t going to get your business back. It’s just going to give some money in two months but will you be back online in two months’ time? In fact, we recently ran a webinar that discussed this exact topic with an insurance expert that was very well received – it’s well worth a watch to learn more.”

It is with this conundrum in mind that Hornetsecurity is developing its ‘immutable storage’ solution. Immutable backup is a highly effective way to minimise the impact of a malware attack, he said, by locking up data every time a backup is made in a way that effectively throws away the key to that file. It’s a storage solution that is starting to be picked up by several vendors and Hornetsecurity is focusing on its implications for SMB clients.

“The big guys can fend for themselves, they’ve got teams of people in place to support them, but why shouldn’t the smaller guys have access to the same level of protection? And it doesn’t have to be expensive,” he said. “Immutable storage really is the last line of defence in terms of sealing the lock and throwing away the key but in a way so we can recover everything from that backed up file – you just can’t inject anything new in.

“I think the biggest challenge you’ll see to ransomware threat actors moving forward next year will be immutable storage, and they’ll have to find other ways to get into our systems. But I would say to anybody not backing up their environment that they’re not protecting themselves from any form of ransomware. It is the last line of defence – if you look at a Navy ship, they have cruise missiles and all the latest technology but along the sides, even the newest ones still have old-fashioned Gatling guns. And backup is the Gatling gun of protection from ransomware.”

Immutable storage is not just a solution for clients, Wright emphasised, but also has significant implications for insurance companies. Insurers don’t want to be paying out high ransom payments, and he believes they should be actively exploring the cost-efficiencies and operational efficiencies afforded by immutable storage – and pushing that out if not mandating it for insureds. It’s a solution that protects everyone, he said, all along the cyber insurance and cyber security chains.

Constant media reports of cyber incidents incapacitating businesses and organisations of every size and structure also exemplify why everybody should be carrying out regular backups, including on any collaboration platforms such as Microsoft Teams where users tend to share critical information.

Wright advised constant testing of these backups, and working with the right providers to find the simple, accessible, affordable solutions that are available to help mitigate cyber risk.

There are lots of companies out there doing great work, he said, and he would happily validate users looking around to find the solutions that work best for them and their businesses. Of course, cost is a major consideration, particularly for SMEs in the current financial environment, but he noted that at the core of this discussion is a simple fact – businesses cannot afford not to pay for the right solutions.

“It’s too expensive not to invest in this,” he said. “It’s too expensive to leave that door open. It’s about how much you value your data, your employees, your customers and your customers’ data – and its role in paying your bills and your mortgage. So, it’s finding the right fit for your particular business and we think at Hornetsecurity that we have solutions that fit from the very smallest customer to the very biggest.

“And I wouldn’t ever want anybody to walk away and not have protection without looking at technologies such as ours. I think the idea this has to be expensive is part of the misconception around the whole tagline of cyber. People hear about Microsoft being hit and think ‘oh my God, protecting against that has got to be expensive’. But it isn’t, it’s only expensive if you haven’t looked into what the solution is. And it becomes very expensive if your data disappears…  The impact of doing nothing is the biggest expense you are ever going to subsume.”

Colin Wright joined the Hornetsecurity Group in 2016 to head up the EMEA sales team. He has a wealth of experience in technology sales strategy, having worked in the industry for over 20 years. Colin has an impressive track record for having nurtured the growth of a number of cloud and virtualisation-centred companies and has created a number of successful EMEA sales operations. He previously set up and led companies such as Veeam Software, Vizioncore Inc, Scriptlogic and Embotics.
