The Question That Every Business in Mexico Must Answer in 2022

Am I being totally ridiculous in bringing up important questions regarding cyberattacks? Is it outrageous of me to mention the word “cyberattack?” If so, then I’m sorry. I am and truly mean it.

It seems, though, that businesses are faced with questions on a daily basis when it comes  to their own cybersecurity policies. It is in the news regularly and, indeed, world leaders speak of it often.

“How much of an increased threat are we now faced with, John?” This was a question that was recently asked of me by a group of business thought leaders a few weeks ago.

“Well,” I replied,” it seems that there’s thousands of reports out there that we know about and lots that we don’t know about. How much can you see out there that’s reported in the media?” was my response.

Another question that I get asked on a regular basis from my business acquaintances across Mexico is whether their business needs cybersecurity. While I’m expected to give a direct “yes,” to their surprise, often that’s not the case and it’s not always a straight answer that I give. I often counter the question by asking, “Where would your company end up if you had an attack? Would it end up in intensive care, in a coma, on a life support machine or worse still, dead?”

While my question resembles a doctor-patient conversation, indeed that’s the reality we’re faced with today. The cyber health of your company is down to how resilient it is if faced with an attack. And that’s the key question: Where would your business end up?

Other key questions that you need to ask yourself: Can a hacker see vulnerability in my IT or OT system network? If it’s weak, then yes certainly, they can. This is not always obvious to the company but it is to a hacker or an organized criminal gang. As the old saying goes, seek and you shall find.

In addition to this, how well trained are my employees? Are they vulnerable to phishing attacks and how would they respond to an email, for example, that supposedly came from the manager urgently asking them to click on the provided link, only to find out it was a hacker and a phishing attack? How would they respond to this to limit the damage?

There are many questions that need to be asked and answered in 2022 when it comes to cybersecurity; too many to ask within this article.

What’s really important in today’s digital era, where many people are working remotely or from home, is that we have to take this as being normal, meaning that it’s normal to ask probing and sometimes uncomfortable questions concerning one's cybersecurity policy. You’re probably thinking, John, this is a bad time for me, most of our budget has gone to marketing or advertising. You may be thinking, yes, but John, you're supposed to say this;  it’s your job, it’s on your agenda to scare us to death ... you're trying to sell me cybersecurity solutions.

While you’ve every right to think this, I would say google and search for other reputable cybersecurity firms and speak with them. They'll indeed tell you the same thing because that’s the reality we all now live in.

Just as COVID lives with us, so do cyberattack threats, and they’re not going to go away. It doesn’t matter if your business is IT or ICS (Industrial Control System)-driven, has  systems, networks, and controls to operate and/or automate industrial processes; your business could well be a threat target and it's our job to protect it, the people who you employ and most certainly, it is a collective responsibility to ensure that the economy doesn’t suffer because of cybersecurity attacks.

We live in a hyperconnected world, where when one company gets hit, it has a major knock-on effect on everybody else, like a virus. Supply chains, loss of client data, loss of business and severe mass destruction of critical infrastructure, all affecting livelihoods, and in extreme situations, injury and loss of life.

Questions for 2022, indeed, need asking. It's not all doom and gloom though. We have every opportunity to prevent negative situations from happening, if we ask ourselves questions and more importantly, have answers, have proper cybersecurity policies and systems in place and have a preventative mindset. There’s absolutely no reason why the threats that we are faced with have to hurt our businesses.

We’ve all had great experiences and bad experiences. The great experiences we tend to remember and savor. The bad experiences we try to put out of our minds, try to forget about them without realizing that our bad experiences are just as valuable if we learn from them and not repeat them by being in denial and pretending that no threat exists.

So, I leave you with a thought. Trying to predict the future is very difficult and if we could sell our experiences for what they cost us, we’d all be millionaires.