What do catalytic converter thieves and cyber criminals have in common? They both bank on nobody watching.
Last week, two enterprising young men pulled up across the road from my house, took a long look at my Prius, and decided today was the day they were going to relieve me of my catalytic converter.
They had the gear: hydraulic lift, cutting tools, the lot. They had the target. What they didn't have (and what they really should have checked for) was my 73-year-old mum, who happened to be over for the day.
She spotted the car bouncing as they jacked it up, marched straight outside to confront them, and the two upstanding gents made a hasty exit. They'd managed to cut through the ties holding the heat shield in place before she intervened, but a quick and relatively cheap visit to my mechanic sorted that out; the converter itself is still attached, which was a massive relief!
I've been turning the incident over in my head since, and (amongst other choice expletives!) I keep landing on the same thought: this is exactly why I keep telling small business owners about MDR.
I have a Nest doorbell; it's a good bit of kit. It picked up the entire incident in glorious high definition: the car pulling up, the gear coming out, the jack going under the Prius. If things had gone differently, I'd have had a lovely recording of my own catalytic converter being removed.
That's the thing about cameras, alarms, and most of the security tech that small businesses have in place: they genuinely do stop a lot of threats. Antivirus catches known malware, email filtering blocks obvious phishing, firewalls keep out traffic that shouldn't be there. These tools earn their keep every day, quietly, without you ever knowing.
The problem is that the smarter threat actors know this, and they've adapted. Rather than trying to sneak malware past your antivirus, they'll send a convincing email that persuades someone on your team to willingly install a legitimate remote access tool. That's not the sort of thing your antivirus is designed to catch, because on the surface it looks like normal activity.
This is where EDR (Endpoint Detection and Response) software comes in; good EDR will block known threats automatically, which is a significant step up from traditional antivirus. But for the more subtle intrusions, the ones that don't match a known pattern, you need that managed layer to investigate what's actually going on and remediate it before the damage spreads.
For that, you need someone to actually be there, watching, ready to act.
In my case, that someone was my mum.
MDR stands for Managed Detection and Response. The industry loves an acronym, and this one gets thrown around a lot, usually accompanied by some fairly apocalyptic marketing. Let me strip it back.
Plenty of small businesses have detection of some sort. Antivirus software detects things. Firewalls detect things. Microsoft Defender detects things. The alerts go somewhere (usually an inbox no-one reads, or a dashboard no-one logs into).
That's the equivalent of having a doorbell camera while you're at work. The footage exists. It just doesn't help you in the moment.
The "M" in MDR is doing the heavy lifting. It's what turns "we'll know about it eventually" into "we stopped it before it became a problem."
In the catalytic converter incident, my mum was the managed bit. She was on-site, she was paying attention, and crucially, she was willing to walk out the front door and make the situation someone else's problem. The thieves didn't stick around to argue.
For a business, the equivalent looks like this: one of your team is working late, gets a convincing-looking email, clicks a link they really shouldn't have, and something nasty starts quietly installing itself on their laptop. Within minutes, someone notices the unusual behaviour, isolates that laptop from the rest of the network, kills the process, and lets you know in the morning. You wake up to an email explaining what happened and what's been done about it; not a ransom note, not a frantic call from a member of staff who can't access their files.
The laptop might still need re-imaging (in the same way my heat shield needed re-attaching; a quick, contained fix), but the damage stops there. It doesn't spread to the file server, it doesn't encrypt your shared drives, it doesn't become a company-wide incident. That containment is the whole game. A small, contained problem on a Tuesday morning is an inconvenience; an uncontained one is the sort of thing that ends small businesses.
Without the "M," you've got a recording of the break-in. With it, you've got someone at the door.
If you run a small business, you almost certainly have some security in place. Microsoft Defender comes with Business Premium. Your laptops probably have antivirus. Your router has a firewall. These things are not nothing. They are, broadly, the doorbell camera.
The honest question to ask is: when someone catches up on emails over the weekend and clicks something they shouldn't, who's going to notice?
If the answer is "no-one until Monday morning," that's worth knowing. It might be an acceptable risk for your business; plenty of small operations run that way and never have a problem. But it should be a decision you've made deliberately, not an assumption you've drifted into.
For some businesses, the answer is that an MDR service makes sense. For others, it doesn't, and there are plenty of cheaper steps that help keep your business secure. Either way, the conversation is worth having before something happens, rather than after.
I'm well aware that "hire my mum" is not a scalable cybersecurity strategy. She has hobbies. She doesn't want to monitor your endpoints.
But the principle holds: detection without response is just an expensive way to find out what went wrong. If you'd like to talk through what your current setup actually does (and doesn't) when something goes sideways at an inconvenient hour, get in touch. I promise not to be apocalyptic about it.
Peter is the founder of Aztek Native, helping small businesses navigate technology with a bit less stress and a bit more sense. His mum is not available for hire.