Small and midsize businesses (SMBs) are fighting an uphill battle when it comes to managing their network security. According to a 2016 Ponemon study, 69 percent of SMBs don’t have adequate budget or in-house expertise to achieve a strong cyber security posture. As a matter of fact, more than half of the study’s SMB respondents experienced a data breach or cyber attack in the past year, with an average cost of $879,582.
This is not a coincidence. Cyber criminals deliberately attack SMBs because they present weaker targets, because they can be part of a supply chain to bigger companies, and because changes in the dark web have made it more profitable to sell small batches of credit cards or personal information.
Traditionally, small businesses focus their limited IT resources on everything but network security. To overcome this issue, many SMBs have turned to the cloud and to small, local managed service providers (MSPs) to handle their IT needs.
New security solutions allow traditional MSPs to easily “plug in” security services such as prevention, detection, and response capabilities as an affordable subscription for SMBs with very little hassle or setup required. This creates a new kind of service – the managed security service provider, or MSSP.
Signs it might be time to pick up the phone and call an MSSP
But how do SMBs know when to consider getting outside support for their security needs? Here are five signs it might be time to pick up the phone and call an MSSP:
1. Limited resources and expertise within your organization: Your organization has a limited IT staff that doesn’t have the security experience that today’s emerging threat landscape demands. You often find your organization falling behind and stuck in reactive mode when security incidents occur. In addition, you don’t have the resources to configure, monitor, and update your security products to ensure ongoing protection.
2. Budget restrictions: Your organization doesn’t have budget allocated to IT security. More often than not, security is not on the budget for SMBs (51 percent of small businesses surveyed recently by Experian did not allocate any budget towards risk mitigation for cyber attacks), and until recently, managed security services have been a luxury reserved for only large enterprises. However, with the emergence of ongoing threats targeted towards SMBs and the introduction of security solutions that focus on ease-of-management and monitoring, traditional MSPs are adding security-as-a-service to solution portfolios that provide cost-effective security.
3. Lack of visibility into IT: Do you know what data and IT resources your business uses? SMBs often do not have visibility into what resources are being consumed, where these resources reside, and how they potentially interact. Whether it’s a laptop running lightweight bookkeeping software, or a point-of-sale solution running a SaaS application, the ability to identify what data is being used, where this data is stored, and how it’s processed by users and applications is key to keeping that data secure.
SMBs also tend to adopt practices such as “Bring Your Own Device” and “Bring Your Own Identity” to keep things simple for customers and help their employees be as productive as possible. This leads to very fluid controls that create security risks and unpredictable complexities, and that make it even more difficult for a business to understand its IT resources. MSSPs can help identify and fill these critical security gaps with monitoring and reporting services, and can design an organization’s network and platform infrastructure to ensure proper identity and control measures while continuing to satisfy ease-of-use and productivity requirements.
4. A vulnerable business ecosystem: Your business interacts with multiple vendors and other businesses, and often your applications reside in a broader ecosystem. If you have a contractual or permanent interface with a partnering business, such as a healthcare, hospitality, or financial services organization, attackers may target your IT system to launch an attack at one of your direct or indirect partners. Even if you’re sure that your business is of no interest to attackers, consider working with an MSSP to protect your relationship with your partners.
5. Compliance – To be, or not to be: Does your business follow the necessary security standards for its industry, such as PCI 3.0? Compliance and regulations are usually what drive the need to explore and implement security practices. MSSPs use comprehensive reporting techniques to identify compliance requirements and find any gaps where your business does not adhere to them. If you’re confused by the compliance requirements in your industry, it may be more beneficial to have an expert handle them instead of taking the time and effort away from your business to learn them yourself.
SMBs offer ripe targets for today’s cyber criminal. In 2016, smaller organizations were targeted specifically with spear-phishing trojan attacks and point-of-sale attacks, including one that affected 350+ Eddie Bauer stores. Remember the Home Depot attack that stole 56 million credit card numbers in 2014? That’s what SMBs now face regularly. To overcome these challenges, SMBs need to be vigilant in protecting their employees, customers and partners. If any of the five signs listed above resonate, it’s time to talk with your existing trusted IT partners or MSPs to ensure that their security service properly addresses your needs.