The ambition and dedication of small and midsize businesses (SMBs) drive the modern U.S. economy. These businesses face special challenges in the IT space because they don’t have the staffing, institutional knowledge and financial resources that larger enterprises do.
The Threat Landscape for SMBs
99.7% of all U.S. businesses have fewer than 500 employees. That huge footprint makes SMBs a prime target for cyberthreats, cybercrimes, and data breaches and theft – and an attack can have a devastating effect on an SMB’s viability. The small to midsize business is an increasingly attractive target to malicious actors and cybercriminals because it is often unable to maintain the tools, skills, knowledge, and staff required to adequately defend the business.
According to Barkly, 57% of SMBs reported an increase in cyberattack volume in the last year. However, even though cyberattacks are becoming more sophisticated, only 36% of SMBs expect to be willing or able to increase their cybersecurity budget in FY2019. These numbers point to a chilling existential risk to the survival of SMBs that rely on access to their data.
The Securities and Exchange Commission (SEC)’s Public Statement plainly states:
Cybersecurity is clearly a concern that the entire business community shares, but it represents an especially pernicious threat to smaller businesses. The reason is simple: small and midsize businesses (“SMBs”) are not just targets of cybercrime, they are its principal target. In fact, the majority of all targeted cyberattacks last year were directed at SMBs.
Why Are SMBs Being Targeted?
The same SEC Public Statement also indicates that many SMBs cannot handle a cyberattack effectively on their own. A survey in the same report indicated that as many as 27% of SMBs have no cybersecurity protocols at all, and as many as 60% of them did not respond to a cyberattack correctly. These conditions are exactly what a cybercriminal or malicious actor needs to continue perpetrating their attacks.
The question of “why” SMBs are being targeted at such high rates is easy to define. It’s much harder to change the characteristics that make SMBs a high-priority target. However, one thing is certain: money is a primary motivator for cyber adversaries. Cybercriminals are either trying to steal the SMB’s money directly, or they’re looking for data that they can sell for a profit on the black market.
Whether the discussion about how to assist SMBs in their cyber defense is about training, education, tools, skilled employees, around-the-clock monitoring, or using the most up-to-date technology to mitigate threats and vulnerabilities, the sticking point is always about the budget, the financials, and the overall impact on the business plan.
Managed Solutions for SMB Cybersecurity
Some SMBs will attempt to “go it alone.” According to a report from Trustwave and Osterman Research, in 2014 SMBs spent $156 per user on security solutions (software, hardware, services and other technology), compared to $72 for enterprises. Of this spend, only about 19% was dedicated to managed or cloud services.
The conclusion of this report indicates that security solutions for SMBs are often too expensive to purchase outright, which is why Managed Service Providers (MSPs) have been a financial relief to them. Investments in inclusive infrastructure solutions, software solutions, computing solutions, or expert staff are cost-prohibitive for most SMBs. MSPs provide these solutions at a fraction of the cost. MSPs have the knowledge to monitor for, assess, analyze, report on, mitigate, and remediate cybersecurity threats and vulnerabilities for many customers at once, without having to undertake the onerous financial burden that an SMB would undoubtedly face on its own.
Some of the solutions a Managed Services Provider can offer include:
- Triage – Underskilled and undertrained IT staff face an insurmountable task when looking at the sheer quantity of passive and active attempts to infiltrate a network or device. Every SMB has specific data that is important to its business plan, and has unique and proprietary systems that require protection. Additionally, there are often industry standards, regulatory compliance requirements and customer data protections that dictate what can or can’t be done. MSPs can implement prioritization techniques that analyze the severity of attack attempts and appropriately implement policies that thwart them.
- Automation – MSPs can purchase more state-of-the-art tools and appliances, allowing them to implement automated tasks and alerting. This gives MSPs an advantage that many SMBs cannot afford to implement. A streamlined and automated workflow of alerting, reporting, mitigating, or even remediation can result in large financial savings rather than waiting on a human being to perform the same tasks.
- Education and Training – Cybersecurity training and education is a never-ending task. MSP security analysts and engineers undergo constant training on tools and appliances, and they continue to accumulate security certifications in quantities that SMBs would likely never be able to afford. Additionally, MSPs can provide user training to inform their customers of the dangers in the cybersecurity landscape. Some of these dangers include opening unknown emails, clicking unknown ads, implementing poor passwords, connecting to unsecured WiFi networks, and browsing dangerous websites.
- Up-to-Date Technology – MSPs have the budget and the business plans to purchase high-quality products from specialized vendors in the cybersecurity space. As a result, MSPs can offer SMBs a top-grade solution that would otherwise be unattainable for them. Next-generation firewalls, backup and recovery, endpoint detection and reporting are all tools that are now available to SMBs through MSPs at a fraction of the cost of implementation.
By working with an MSP, your business can reduce the costs of downtime and business interruption, while spending less on salaries and minimizing turnover. You’ll also save on related costs like training, education, and specialized equipment and services which come with the MSP’s extensive in-house teams.
Ready to see how TPx can help you stay protected while cutting costs? Talk to a TPx specialist today.
About the Author
Adam Weber leads the development of TPx’s security product offerings. He has more than 15 years of experience in security and cybersecurity, both in the public and private sectors. He is a 12-year U.S. Army veteran in communications and was deployed to two combat zones. He has also worked with U.S. government agencies like U.S. Transcom (U.S. Military Transportation Command), DISA (Defense Information Systems Agency), and NGA (National Geospatial Agency). In his spare time, he is a computer and technology hobbyist who enjoys building his own networks, servers, labs, and security infrastructure. Adam holds an MBA from McKendree University and CISSP, CASP, CEH, and Security+ certifications.