TJ Houske, CEO of OTAVA

Get ready! 2025 is expected to be another year of rapid technological advancement driven by developments in cloud computing, artificial intelligence (AI), automation, quantum computing, and more. With so much innovation on the horizon, there’s one thing we know for sure – cybersecurity will remain a critical issue that demands immediate and ongoing attention.

Underscoring the seriousness of the issue, industry analyst firm Forrester estimates that worldwide cybercrime will cost a staggering $12 trillion next year. Potentially more concerning is the fact that PwC’s recently published 2025 Global Digital Trust Insights survey found that only two percent of companies surveyed have implemented cyber resilience across their organization, even as 66 percent of tech leaders rank cyber threats as the top risk their organization is prioritizing over the next 12 months.

In Indiana, the total cost of cybercrime has already surpassed $160 million. With so much at stake, businesses must continually adapt and learn how to protect themselves. 

What Indiana Businesses Need to Know: SMBs are Prime Targets

Indiana has gained a reputation as an emerging technology hub. The burgeoning tech sector is seeing rapid growth and Indianapolis is home to several tech companies and startups. The overall small to medium business (SMB) landscape in Indiana, which includes many of the tech businesses, is diverse and a crucial component of the state’s economy.

All this great news for Indiana comes with a strong word of caution, especially for SMBs – protect your data! It’s a common misconception that small and medium sized businesses won’t be the target of ransomware. However, the truth is that hackers love targeting these businesses because they often have weaker security systems with fewer protections in place. In fact, last year, small businesses saw big jumps in data breach costs. So, no matter your size, you’re still on their radar.

Today’s Biggest Security Battle: Ransomware is Relentless

Artificial Intelligence (AI) has changed the security playing field. On one side, cybersecurity solutions are leveraging the technology to create stronger protections. But on the other hand, AI is being used by hackers to accelerate attacks and advance breaches. For example, the ability to create Ransomware as a Service makes it easy for bad actors to launch attacks, even without technical skills.

Ransomware continues to be a growing risk and one of today’s top threats. The occurrence of ransomware has become a “when” rather than an “if.”  A recent Veeam Software report found that 75 percent of organizations experienced an attack at least once in the past 12 months, and, on average, businesses experience 2.1 cyberattacks annually. 

The impact of suffering a ransomware data breach without swift mitigation is often devastating. According to the National Archives and Records Administration in Washington DC, 93 percent of companies that lost their data for 10 days or more filed for bankruptcy within one year of the disaster.

In addition to ransomware, businesses also need to be prepared to handle a litany of other forms of cyber threats such as phishing, which has evolved beyond basic emails. The use of AI-powered tactics to impersonate legitimate users makes it hard to detect.

As mentioned, while AI can help businesses and security solution providers create better defense strategies, it also gives bad actors better tools to enhance their attacks. AI has made threats harder to detect, more frequent, and more sophisticated, but it can also find vulnerabilities faster. It’s an ongoing race between defenders and attackers. What AI can build, AI can also break.

Six Steps to Protection: The S.E.C.U.R.E.™ Framework

Businesses of all sizes need to create a layered approach to enhancing their security posture. Security can’t be viewed as a ‘set it and forget it’ activity. IT, security, and business leaders have to constantly evaluate where they are so that they can improve and minimize risk. At OTAVA, we’ve created a framework that helps organizations know where to start, which best practices to follow, and the steps to take for implementing a strengthened security posture. The S.E.C.U.R.E.™ Framework is a strategic process designed to be a universal blueprint for protection. The six steps include:

  1. Shrink:  Reduce the size of the attack surface and protect access points. 
  2. Examine:  Monitor and analyze anomalies and event threats. 
  3. Contain:  Restrict the attack vectors to reduce the proliferation of any attack. 
  4. Undo:  Take action to isolate and restore infected data.
  5. Recover:  Achieve business continuity of operations.
  6. Evaluate:  Engage in continuous improvement of your security posture.

Stay Vigilant Year Round

Unlike Hoosier basketball and the Indianapolis 500, cyber security is a year-round sport. Because the work is never done, it often makes sense for businesses to seek out support from a trusted partner that can bring the needed cyber security expertise and resources. Either way, it’s essential to have a solid plan that includes making educating staff on how to spot and avoid threats an ongoing priority. Human error is one of the leading causes of security breaches. Additionally, finding ways to use cloud, security, and automation technology wherever possible will work to your advantage. At a basic level, maintaining software and systems updates will prevent some vulnerabilities and having backup and disaster recovery in place will minimize downtime and data loss.

As we close out Cybersecurity Awareness Month, remember to make improving your security posture a priority every month of the year. Creating a process to monitor and update your plan regularly will empower your business to elevate its security posture and be better prepared for potential threats.

About the Author:

TJ Houske is OTAVA’s CEO. For over 25 years, he’s held senior and executive leadership roles in engineering, architecture, and strategic business development. He’s been an IT executive, consultant, entrepreneur, and the head of one of the industry’s most dedicated technology operations teams. A visionary with a down-to-earth approach, TJ is on a mission to make service providers, enterprises, and public sector organizations successful in the cloud.