Most SMBs Fold after Cyber Attacks: Here’s How to Protect Yours

Friday, October 12, 2018

Arun Gandhi


Many small-to-medium businesses (SMBs) think they’re flying under the radar of cyber-attackers. But in reality, perpetrators specifically target smaller, more vulnerable businesses because of their lack of security expertise and fragile infrastructure, and because they often provide easy entryways to larger companies with whom the SMBs work. Even more alarming, more than 60 percent of SMBs go out of business within six months of devastating attacks, like ransomware and distributed denial of service (DDoS).

In this digital era, where cyber-attacks happen at all times around the world, SMBs are often the hardest hit, although their breaches may not make headline news. According to a report by Verizon, 61 percent of data breach victims were small businesses. And as Hiscox’s Cyber Preparedness Report 2017 notes, small businesses lose an average of $41,000 per cybersecurity incident.

The challenge is that SMBs typically have a shoestring IT and security budget and very limited expertise with cutting-edge tools. For instance, a local mom-and-pop store typically has only a firewall and anti-virus as its security posture. So DDoS attacks, point-of-sale malware and phishing scams can very easily lead to a huge payout for attackers. Moreover, it is not always easy for business owners to understand which assets to protect, and how to protect them, from constantly evolving cyber threats.

How MSSPs can help SMBs affordably protect themselves

Small businesses today tend to focus on doing the basics to protect endpoints and servers, which includes staying current on anti-virus updates and security patches for systems and applications. In these organizations, there may be just one person working part-time handling IT. Security is secondary and perhaps an afterthought.

Security breaches can be devastating to a small business that has significant resource constraints. The goal, therefore, is to deliver more data protection at less cost, based on thoughtful risk assessments and business-specific needs. A smart, affordable way for SMBs to protect themselves is by aligning with Managed Security Service Providers (MSSPs), who offer key services such as:

  • Outsourced, advanced-level 24x7 monitoring of security events and management. This is a cost-effective alternative to having dedicated in-house staff managing security events.
  • Deep threat intelligence covering a wide security landscape, such as device management, breach monitoring, data loss prevention, insider threat detection, phishing attacks, web exploits, and more.
  • Incident response to contain and eliminate cyber threats in near real-time and keep your business running.
  • Flexibility of deployment. The MSSP’s services should be available over the internet, via on-premise systems that are managed remotely, or through a hybrid model. SMBs may choose to implement some security capabilities in-house alongside other services from their trusted MSSP.
  • Consulting on industry-specific requirements and know-how pertaining to your business. This helps the MSSP implement best-practice processes and the right technologies for you.

MSSPs are an increasingly popular choice for SMBs who need a simple, cost-effective solution for cyber threat protection that leverages the latest innovations and provides 24x7 access to security experts. According to Market Research Engine, global managed security services market revenues could surpass $45 billion by 2022, expanding at a compound annual growth rate (CAGR) of 14.5 percent between 2016 and 2022.

MSSPs are a great resource for either supplementing your existing security team or starting your security practice. However, not all managed security services solutions are created equal. Each provider has different strengths and levels of support for incident management and response, and engagement with your business.

How to choose the best MSSP for your business

Many SMBs have a tendency to pick a security bundle from the managed service provider (MSP) who manages their systems, backups, software upgrades, and routine operations. However, this may not suffice. Not all MSPs have the right cybersecurity service offerings and businesses can’t afford to gamble on using providers that may end up delivering inadequate coverage and cause them to incur excess costs.

Five criteria to look for when choosing an MSSP:

  1. Employs state-of-the-art tools, technologies, well-documented processes and workflows, and clearly articulates the level of interaction they’ll have with your business.
  2. Provides complete visibility of your sensitive data and transparency into the data movements within their environment.
  3. Understands specific issues and requirements pertaining to your industry. Different industries, such as finance, healthcare, and retail, have their own security concerns and benefit from an MSSP that has extensive experience in their area.
  4. Demonstrates compliance with your business’ and partners’ requirements.
  5. Helps you stay ahead of advanced threats by bringing collective knowledge from other customers and sources, such as threat intelligence, government alerts, etc., to educate your team on the latest security issues. This is critical as many data breaches result from employees opening phishing emails, and lost or stolen credentials.

Empirical data shows SMBs have high security-related risks that can be extremely detrimental, compared to larger organizations. Given resource constraints and skills limitations, it is best to align yourselves with MSSPs that can provide superior 24x7 protection and support at affordable prices, freeing you to safely focus on your core competency.

About the author: Arun Gandhi has more than 17 years of experience with startups and global brands in the service provider and enterprise segments. He is currently Director of Product Management and Marketing at Seceon, responsible for driving strategic go-to-market initiatives, positioning, customer use cases, and executive engagements with customers & partners.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.