The word resilience comes up a lot these days. In the world of cyber security, it’s been increasingly important since the focus shifted from preventing cyber attacks to recovering from them. But in 2020, it’s impossible to hear that word and not think about the pandemic.
It was no surprise, then, that an OpenText webcast called “Imagining a Single Cyber Resilience Solution” talked about resilience in both contexts. And it was appropriate that the first speaker was Craig Stilwell, who began with a short talk on a different kind of resilience.
Stilwell is executive vice president and general manager of SMB and consumer sales at OpenText, which was hosting the virtual presentation as part of a series of on-demand videos called Enfuse on Air 2020. (It opened on Nov. 10 and will end the week of Dec. 1. The videos can be viewed by registrants at any time until Dec. 31.)
Stilwell started by discussing the resilience of Carbonite and Webroot, which OpenText acquired late last year. Some viewers undoubtedly knew the backstory that Stilwell did not discuss. He was Carbonite’s chief revenue officer at the time of the acquisition. And he’d only been there for seven months. Shortly before his arrival, Carbonite had acquired Webroot. So Stilwell has a personal story of resilience that probably could have filled the webcast.
Though he wasn’t there to talk about personal resilience, he did want to reassure his audience about the health of his former company. The acquisition of Carbonite has paid dividends, he said. Some MSPs have expressed concern or uncertainty about the deal. Managed service providers are important to OpenText, he continued, and the company had them in mind when it made the move.
OpenText’s strong balance sheet has created more opportunities for aggressive investments in security, back-up, and recovery technology “than we ever would have been able to do as a standalone company,” Stilwell emphasized. This was his preliminary message about resilience: Carbonite and Webroot are doing just fine.
The Special Challenges of 2020
Then he turned to other challenges that we all know quite well. This year of Covid has made us more dependent on technology than ever. We need it to work (wherever we’re working from), to buy supplies, to connect our children to their schools. “We need it to stay connected to other human beings,” he added.
The attack surface for the bad guys has vastly expanded. “We’re more vulnerable than we’ve ever been,” he said. “We’ve never needed to be more resilient than right now.”
It’s all about the ability to bounce back from adverse events—“to get back to the business of running your business,” he said. The adverse event could be a ransomware attack, a fire in a data center, or a laptop that’s dropped on the pavement. Each can be a test of resilience.
He flashed some statistics on the screen. There were more than 150 million ransomware attacks last year. In 2018, 43 percent of small businesses suffered data breaches. Total financial losses from cyber crime that year were estimated to be $2.7 billion.
It’s no mystery why. Data is everywhere. Attacks grow more sophisticated all the time. Gone are the days of broken English pleas from a Nigerian prince “who desperately needs your help to move your money out of the country,” Stilwell said, sounding almost nostalgic.
Companies need to keep up. Security technology and training need to match the challenges, he said. The cost of failing to be resilient, he continued, is not just lost revenue and productivity. It can reduce customer confidence and, in the case of smaller companies, threaten their very survival.
The Path to Resilience
The solution? Companies need cyber resilience strategies, Stilwell emphasized. They need to give IT the necessary resources to secure data and devices wherever they are—whether that’s homes or offices. What OpenText offers, Stilwell said, is a comprehensive approach that simplifies security management and recovery—all from a common platform.
At this point, Stilwell turned over the presentation to Hal Lonas to explain how it all works.
Lonas is a senior vice president and the chief technology officer of OpenText’s SMB and consumer segment. He began by addressing MSPs, as Stilwell had done earlier. MSPs are prime targets for attack, he said. More than half have acknowledged that security is their biggest “pain point.”
How does OpenText ease that pain? It shares responsibility for customers’ security and the protection of their data. OpenText is the expert, he said, so that customers don’t need to be.
It offers a range of solutions. On a slide, Lonas ticked off best practices MSPs are advised to follow—things like patching and updating remote admin tools and enforcing least privilege accounts. He explained the security and data protection platform that starts with security awareness training and runs through rapid recovery.
He also showed a slide of the business management console. Cloud-based, it’s designed to simplify use of the complex tool that has multi-customer, multi-location, multi-administration capabilities. The tool allows administrators to manage, view, report, set policies, and enforce access rights at each level of the multi-tiered platform.
What to Watch Out For
Lonas passed the baton to Paul Barnes, OpenText’s vice president of product management. Like Lonas and Stilwell, he also came to the company through the Carbonite/Webroot acquisition.
His presentation was about the changing threat landscape, especially since the onset of Covid-19. For instance, ransomware attacks have been yielding larger and larger ransom payments. In January, the average was about $84,000. By June it had ballooned to more than $175,000.
Barnes pointed out some of the vulnerabilities of working from home, as so many of us are now doing. Home computers encounter twice as many infections annually compared to business devices, he said. Household members often share a single admin account. And they often share unencrypted online file-sharing services. On top of that, browsers and applications are not updated often, if they’re updated at all.
There’s more. Home WiFi networks are not always set to lock out intruders. Routers often use the default passwords they were programmed with in the factory. And firmware is rarely updated.
Barnes ended his presentation with some valuable tips: