June, 11 2021WRITTEN BYMadison M.
Since the start of 2021, we’ve heard more and more horror stories of companies experiencing ransomware attacks, forcing them to shut down their business temporarily while business leaders and experts work to re-secure their systems (which may include paying out millions of dollars to the hackers).
When the Colonial Pipeline, the largest fuel pipeline in the United States, was brought down by a ransomware attack in May 2021 it caused panic and chaos for drivers across the Southeastern US as thousands of gas stations suddenly ran dry.
While this may seem like an extreme case, the damage was real. One company’s vulnerabilities created a wave that’s hard for other businesses to ignore. How can a company so large and so well established find itself in such a helpless situation?
But, that’s the frightening part isn’t it? No company no matter the size, vertical, or function is immune to system attacks. With cybercrime as a whole up by 600% since the beginning of the global pandemic, the White House is urging businesses to take their cybersecurity and contingency planning seriously.
Attack prevention: cybersecurity is only beginning
Businesses have been taking heed of these trends and allocating more of their IT budgets to cybersecurity measures.
But is it enough to simply invest in cybersecurity technologies? The shocking answer is no. According to PurpleSec’s 2021 Trends Report, 75% of companies infected with ransomware were running up-to-date endpoint protection.
If companies are taking all the necessary IT precautions and are still vulnerable to attacks, it begs the question:
What else can companies do to protect themselves?
Are there other measures that should be taken operationally to build up resistance if an attack were to occur – a way that keeps a business from completely shutting down and disrupting all operations until they’re back online?
“The recent cyberattacks have forced companies to see ransomware as a threat to core business operations and not just data theft, as ransomware attacks have shifted from stealing to disrupting operations,” according to Anne Neuberger, cybersecurity adviser at the National Security Council, (Reuters).
It’s no longer just data security that businesses need to be concerned about, but operational resiliency as a whole. Once hit with malware, 34% of businesses affected took a week or more to regain access to their data (PurpleSec).
Could your business afford to take an entire week off?
The real cost of the ‘it will never happen to us’ mindset
So many of us fall into the trap of thinking, “Oh, this won’t happen to us,” but the sad reality is that it can happen to anyone at any time. And unfortunately, the scary thing is that cyberattacks aren’t the only threat to our operations, broadly. There are social and environmental factors beyond our control and nearly impossible to predict that could significantly impede our ability to operate, like natural disasters or wars.
You have an awesome, rapidly-growing start-up in beautiful Los Angeles. You’ve hired the right people, have built up a great team (going on 50 employees!), all working together in your company’s first official office. You built your e-commerce site and customer database from the ground up and your customer support team has been non-stop answering phone calls about your new, innovative product.
Suddenly, you get the alert to evacuate: Wildfires are nearing and smoke is quickly clouding your city. Government health officials have declared the air quality near your office unsafe for work. The wildfires have already caused a few employees to evacuate their homes and move in temporarily with family members who live out of town.
Your phone, internet, homegrown order management system, and databases are all connected to your office location and not everything is in the cloud and accessible from anywhere. You don’t have a phone IVR system installed yet (it’s been on your list along with a million other things).
If you’re forced to evacuate, you’ll lose the ability to process orders or field inquiries from your customers … on top of the mess this makes in your intraoffice supply chain!
Your head is spinning. Everything you’ve worked so hard far, coming down to wildfires threatening to destroy your progress.
Or maybe this scenario will resonate more:
Your new tech product launched and customers can’t get enough – amazing! Your products are flying off the shelves and the demand isn’t slowing down. Your 3PL has agreed to work around-the-clock to get these new orders processed and shipped out as quickly as they can...
When that partner is suddenly hit with a ransomware attack, completely gridlocking their systems… and your products.
What do you do? You don’t have time to source and vet a new 3PL partner, let alone get them integrated and up and running in time to bail your business out. Your backlog is growing by the second, and all you can do is watch and hope for the best.
If either of these scenarios struck a nerve, it might be time to ask yourself, Is my business structured to set me and my team up for long-term success and sustainability?
With so many things that can have tremendous impact on our businesses outside of our control, security and agility are not “nice to haves” in your corporate planning.
According to PurpleSec, the average cost of a ransomware attack on businesses was $133,000 as businesses lost around $8,500 per hour due to ransomware-induced downtime. This doesn’t include the significant costs to “picking up the pieces” after a cyberattack nor the lasting impact of bad press.
With hundreds of thousands of dollars and your business’s reputation at stake, you must set the foundations to be able to weather any sort of internal hiccup or externality.
In our blog, Are You Taking too Much Risk with Your Partners, we discuss the many risks a business or team within a business is exposed to, and discuss the effects that having to abruptly pivot and sacrifice other areas of the business to rally to solve these operational emergencies can have.
But what if you didn’t have to do that anymore? What if you could set up your team in a way that ensured a high level of operational stability even in the face of one of these events?
Make your business resilient and agile
When we think of ‘agile’ in the business sense, we tend to think of it only applying to engineering teams and their production framework.
Yet, the reality is that all teams in a business should be agile – able to react quickly to new information and course-correct if needed.
Consider the earlier example of the business leader who watched helplessly from the sidelines as his logistics partner was taken offline by a cyber attack. Now, imagine if he wasn’t reliant on a single 3PL and had purposely taken a multi-vendor approach where he had one (or two) others ready to take on the work that Partner A had to unexpectedly drop.
Similarly, the leader impacted by the California wildfires would have had a much easier transition if he had diversified his exposure: cloud-based software that could be accessed from anywhere in the world and having a different homebase for the order processing department would have made the team significantly less exposed to their downtown San Francisco office.
Achieving resilience: taking a multi-vendor approach
Creating resiliency and redundancy in your business isn’t easy and it won’t happen organically. Perhaps that’s why in a recent study by IBM it was reported that resiliency is the number one priority for business leaders over the next couple of years.
It’s also why we recommend leveraging the power of partners and employing a multi-vendor approach to build in supplier redundancy and reducing single counterparty risk by avoiding putting all your proverbial eggs in one basket.
As you take inventory of your business and the risks associated with it, consider the extent to which you are reliant on your internal teams. If your whole office is located in Houston and there is a once-in-a-lifetime storm that knocks out power to the area, your business would shutter.
For this reason, we strongly advise spreading your labor resources geographically and, if possible, spreading the work across internal and external teams.
For work that isn’t core to your business but is extremely important for continuity (perhaps customer support or accounting, or recruiting), we recommend not only leveraging external resources.
The key is to not just select a single contact center or business process outsourcer (BPO) to handle a function, but rather to leverage the power of multiple, overlapping partners to work on your business. With this multi-vendor approach, you’re able to carve the work out to trusted partners who excel at the functions they are performing.
This overlapping, multi-vendor approach, inherently makes your business more scalable and resilient. Should something happen to any one team, the others can step in to absorb that work significantly faster and cheaper than it would be to spin up an entirely new partner.
Security and resiliency are not the places to cut corners. Quite the opposite - these are the places you should invest in for the long haul. The unexpected is inevitable so you should set yourself up/have the best measures in place to carry on if a cyberattack - or any other unforeseen event - impacts your business.
ArenaCX can help you build resilience into your business operations
Don’t get caught shutting down every function of your business when the unthinkable happens. This is our speciality. Let us help you become more resilient today with a complementary analysis of your business and quick changes you can make to make it more secure.
Our team would love to help you find and manage a tailored portfolio of partners to give your business the agility and sustainability today’s modern world requires.