  • Modernize IT Infrastructure: SMEs should prioritize updating legacy systems like Windows 10 and transitioning to secure, cloud-based solutions to enhance security and operational efficiency.
  • Implement Robust Cybersecurity Measures: Strengthening cybersecurity with multi-layered defenses, such as EDR systems and multi-factor authentication, is crucial for protecting against advanced cyber threats.
  • Focus on Data Protection and Recovery: Develop comprehensive disaster recovery plans and employ effective backup solutions to ensure quick recovery and minimal data loss during cyber incidents or disasters.

The Importance of an IT Resilience Plan in 2024

SMEs grapple with shrinking budgets and a lack of skilled IT and cybersecurity professionals. As a result, many are left vulnerable to data breaches, ransomware, and other threats. This comprehensive guide explores where SMEs should focus their efforts in 2024 to reduce risk, support growth, and improve overall business resilience.

2024 Cyber Threat Insights for SMEs: The Importance of IT Resilience

Over the past six months, the landscape of cyber threats has markedly worsened, with statistics revealing alarming trends that underscore the necessity of a robust IT resilience plan for SMEs. A significant 75% of companies have observed an increase in email-based threats, with Mimecast highlighting that phishing attacks have not only become more prevalent but also more sophisticated. Indeed, 97% of businesses were targeted by email phishing in 2023, leading to ransomware demands for 20% of those affected. Despite 63% paying the ransom, fewer than half were able to recover all their compromised data.

The risk of data loss poses a severe threat, with The Diffusion Group reporting that 60% of companies that lose critical data cease operations within six months, and a staggering 72% shut down permanently within two years following a major data loss event. This highlights a critical IT resilience risk, particularly in maintaining operational continuity in the face of such challenges.

Moreover, the hurdles in securing cyber insurance are growing, particularly for SMEs lacking adequate cybersecurity measures; in 2023, 28% of SMEs were denied cyber insurance, with 96% required to implement at least one new security solution to qualify for coverage. StatCounter notes that Windows 10 is still running on twice as many PCs as Windows 11, even as it nears the end of support. Together, these trends underscore the urgent need for businesses to reevaluate their IT resilience strategies and safeguard against evolving cyber risks.

Preparing for Upcoming IT Changes

Several critical changes are coming over the next few years that will significantly impact businesses. If not prepared, these updates could disrupt daily operations:

  • DMARC Implementation: Starting February 2024, businesses sending bulk emails or accepting online payments must authenticate their emails with DMARC. Failure to do so will decrease email deliverability and tarnish your sender reputation.
  • Windows 10 End of Life: Windows 10 support will end on October 14, 2025. Businesses must upgrade to Windows 11 by this date to continue receiving vital security updates and patches.
  • PSTN Phase-Out: The Public Switched Telephone Network (PSTN) will be retired by December 2025. Businesses relying on traditional landlines must migrate to modern digital phone lines. This change also affects systems like alarms, telecare devices, CCTV, and electricity meters connected to the phone line. Don't wait until the last minute: start planning your transition now to avoid disruptions.

Procrastinating on these changes will likely cause operational setbacks as businesses rush to upgrade before the deadlines. Start now to ensure a smooth transition and avoid delays.

Where Should SMEs Focus Their Attention?

In 2024, the focus for SMEs should be on building a resilient IT and cybersecurity posture. Here are key areas to invest in:

1. Infrastructure Modernization

Using unsupported systems leaves your business vulnerable to security breaches and operational inefficiencies. According to Forbes, modernizing your infrastructure not only enhances security but also boosts productivity by up to 50%.

  • Upgrade Legacy Systems: Replace outdated operating systems like Windows 10 and migrate to cloud computing solutions to ensure your business benefits from ongoing updates and stronger security features. Unsupported software is not just a risk—it's an obstacle to efficiency.
  • Plan Your Transition to Digital Phone Lines: With the PSTN being phased out, evaluate your phone systems and migrate to digital alternatives. Begin this process early to avoid delays.

2. Cybersecurity Resilience

Cyber resilience is the ability to protect against, detect, respond to, and recover from cyber-attacks. For SMEs, the best approach involves multiple layers of defense:

  • Cyber Essentials Plus Certification: Achieving Cyber Essentials Plus certification demonstrates your commitment to safeguarding sensitive data and can improve client trust. This UK government-backed standard outlines five key security controls and is essential for proving your business's cyber resilience.
  • Implement EDR: Endpoint Detection and Response (EDR) systems offer superior protection to traditional anti-virus software. EDR tools proactively detect and neutralize threats, especially zero-day attacks, making them essential for any modern cybersecurity strategy.
  • Multi-Factor Authentication (MFA): Implement multi-factor authentication (MFA) across your network to safeguard sensitive data. Combining passwords with an additional layer of security ensures that only authorized users can access critical systems.
  • Access Management: Employ conditional access policies that ensure users only connect to your systems from pre-approved devices. This adds an extra layer of control, protecting your business from unauthorized access.

3. Data Protection & Disaster Recovery

The ability to recover quickly in the event of a disaster, whether cyber or natural, is paramount. SMEs must implement robust data backup and disaster recovery solutions that guarantee rapid recovery with minimal data loss.

  • Disaster Recovery Plans: Ensure you have a documented and tested disaster recovery plan. This will reduce downtime and limit the impact of any data loss.
  • Backup Solutions for Microsoft 365: While Microsoft 365 offers some cloud services, it only backs up data every 12 hours and retains it for 14 days. Ensure you have a dedicated backup solution to recover from accidental deletion or ransomware attacks.

Don’t Let Outdated Technology Hold You Back

To help businesses navigate these changes, Fortray offers a pre-assessment to identify gaps in your IT infrastructure and cybersecurity posture. Our comprehensive analysis will ensure your business is prepared for 2024 and beyond. Contact us today or speak to one of our advisors to schedule your assessment and build the resilient IT foundation your business needs to thrive.

FAQ

IT resilience is the ability of an organization to maintain acceptable service levels when business operations, critical processes, or its IT ecosystem are disrupted. In this digital age, high availability is critical to an organization's success.

A resilience plan should be a collection of plans, including cybersecurity, incident response, disaster recovery, and business continuity, all working together to ensure the enterprise is ready to respond to the most significant threats.

One of the most common is the National Institute of Standards and Technology (NIST) framework. It is based on five functions: Identify, Protect, Detect, Respond, and Recover.

The ability of an information system to continue to operate while under attack, even if in a degraded or debilitated state, and to rapidly recover operational capabilities for essential functions after a successful attack.