When it comes to cyber security, the threats themselves—ransomware, phishing, etc.—are nothing we haven’t seen before. What is new, though, is the scope and the increased threat to small- and medium-sized businesses (SMBs).
Most SMBs today have a false sense of confidence; they don’t see themselves as worthy targets and assume they have nothing of value to an attacker. However, this leaves hackers thinking: “all the better to eat you with, my dear.”
But why is it that SMBs aren’t properly protected against today’s threats? Why are they so hesitant to change their cyber security strategy? To answer these questions, we did a little research into SMB security trends. Read on to learn which challenges they face and how you can position your managed security services as the solution.
What Factors Hinder SMBs’ Ability to Advance Their Security Efforts?
According to the Better Business Bureau and their 2017 State of Cybersecurity Report, the top five factors that prevent SMBs from advancing in their cybersecurity efforts are as follows:
- Lack of resources
- Lack of expertise/understanding
- Lack of information
- Lack of time
- Lack of training
Not only do SMBs not have the tools and resources to keep up with the threat landscape, they’re also struggling to acquire the necessary talent, expertise, and knowledge. To expand on this, I called upon Jennifer Bleam, Senior Security Sales Specialist at Continuum, to share her insights on this trend and how MSPs can address these pain points for their SMB clients.
“I don’t find these top factors all that surprising. Businesses are very busy as it is, but asking them to focus on security is the real challenge. They need to find the time to address this issue, but they’re already overwhelmed with existing projects and initiatives.
If they decide to offload this to someone else (outside talent, or an in-house expert,) they’ll find that there are few security experts out there. This means that the security talent they’re seeing are highly paid AND they want to use their skill-set and be challenged daily—even if a breach happens every month, that’s not enough volume or excitement to keep a typical security engineer satisfied.
These are the same concerns that companies have when facing the need to handle IT. They don’t want to find, hire, and retain the employee(s) to handle it; yet they can’t handle it (or don’t want to handle it) themselves. This is where MSPs step in.
It’s a very similar story with security. Think about the approach that MSPs have always took to find business, just with a shift in focus to appeal to the security skills gap.”
Why Are SMBs Ill-Prepared to Handle Security Related Issues?
In a report from The SANS Institute, SMBs were asked, "what are the top challenges your organization faces when handling cybersecurity related issues?" By a significant amount, the top two answers were finances to pay talent, followed by regulatory compliance.
To explain why SMBs struggle so much with these two factors, I again turned to Bleam. Here, she shares her insights into these staffing and compliance challenges, and how MSPs are in a unique position to step in and help.
“Finances will always be a top challenge here—there aren’t very many security experts to be found, so they can command a high salary. Also, these security experts can be picky as to which company or culture they want to work for. But, an MSP is in the unique position of offering to manage this piece through Continuum’s Security Operations Center (SOC), which is already built and staffed with these experts.
With a compliance-focused business, the business owner can’t afford to ignore cyber security. But again, it’s a very large task; both to understand the various regulations (as they stand today), future changes of those regulations, and—maybe most important—how to ‘check the boxes’ on this new requirement. This means the business owner needs to become an expert in compliance (yet another project) AND understand what technology or policies to put in place in order to meet the compliance regulation. Once again, MSPs can bring this expertise and staffing to the table, in order to take this off the client’s plate.”
Convince SMBs of the need for managed security. Download our eBook below: