Many small-to-medium businesses (SMBs) think they’re flying under the radar of cyber-attackers. But in reality, perpetrators specifically target smaller, more vulnerable businesses because of their lack of security expertise and fragile infrastructure, and because they often provide easy entryways to larger companies with whom the SMBs work. Even more alarming, more than 60 percent of SMBs go out of business within six months of devastating attacks, like ransomware and distributed denial of service (DDoS).
In this digital era, where cyber-attacks happen at all times around the world, SMBs are often the hardest hit, although their breaches may not make headline news. According to a report by Verizon, 61 percent of data breach victims were small businesses. And as Hiscox’s Cyber Preparedness Report 2017 notes, small businesses lose an average of $41,000 per cybersecurity incident.
The challenge is that SMBs typically have a shoestring IT and security budget and very limited expertise with cutting-edge tools. For instance, a local mom-and-pop store's security posture typically consists of a firewall and anti-virus software. So DDoS attacks, point-of-sale malware and phishing scams can very easily lead to a huge payout for attackers. Moreover, it is not always easy for business owners to understand what to protect and how to protect it from constantly evolving cyber threats.
How MSSPs can help SMBs affordably protect themselves
Small businesses today tend to focus on doing the basics to protect endpoints and servers, which includes staying current on anti-virus updates and security patches for systems and applications. In these organizations, there may be just one person working part-time handling IT. Security is secondary and perhaps an afterthought.
Security breaches can be devastating to a small business that has significant resource constraints. The goal, therefore, is to deliver more data protection at less cost, based on thoughtful risk assessments and business-specific needs. A smart, affordable way for SMBs to protect themselves is by aligning with Managed Security Service Providers (MSSPs), who offer key services such as:
- Outsourced, advanced-level 24×7 monitoring of security events and management. This is a cost-effective alternative to having dedicated in-house staff managing security events.
- Deep threat intelligence covering a wide security landscape, such as device management, breach monitoring, data loss prevention, insider threat detection, phishing attacks, web exploits, and more.
- Incident response to contain and eliminate cyber threats in near real-time and keep your business running.
- Flexibility of deployment. The MSSP’s services should be available over the internet, via on-premise systems that are managed remotely, or through a hybrid model. SMBs may choose to implement some security capabilities in-house alongside other services from their trusted MSSP.
- Consulting on industry-specific requirements and know-how pertaining to your business. This helps the MSSP implement best-practice processes and the right technologies for you.
MSSPs are an increasingly popular choice for SMBs who need a simple, cost-effective solution for cyber threat protection that leverages the latest innovations and provides 24×7 access to security experts. According to Market Research Engine, global managed security services market revenues could surpass $45 billion by 2022, expanding at a compound annual growth rate (CAGR) of 14.5 percent between 2016 and 2022.
MSSPs are a great resource for either supplementing your existing security team or starting your security practice. However, not all managed security services solutions are created equal. Each provider has different strengths and levels of support for incident management and response, and engagement with your business.
How to choose the best MSSP for your business
Many SMBs have a tendency to pick a security bundle from the managed service provider (MSP) who manages their systems, backups, software upgrades, and routine operations. However, this may not suffice. Not all MSPs have the right cybersecurity service offerings, and businesses can’t afford to gamble on using providers that may end up delivering inadequate coverage and cause them to incur excess costs.
Five criteria to look for when choosing an MSSP:
- Employs state-of-the-art tools and technologies and well-documented processes and workflows, and clearly articulates the level of interaction they’ll have with your business.
- Provides complete visibility of your sensitive data and transparency into the data movements within their environment.
- Understands specific issues and requirements pertaining to your industry. Different industries, such as finance, healthcare, and retail, have their own security concerns and benefit from an MSSP that has extensive experience in their area.
- Demonstrates compliance with your business’ and partners’ requirements.
- Helps you stay ahead of advanced threats by bringing collective knowledge from other customers and sources, such as threat intelligence, government alerts, etc., to educate your team on the latest security issues. This is critical as many data breaches result from employees opening phishing emails, and lost or stolen credentials.
Empirical data shows SMBs have high security-related risks that can be extremely detrimental, compared to larger organizations. Given resource constraints and skills limitations, it is best to align yourselves with MSSPs that can provide superior 24×7 protection and support at affordable prices, freeing you to safely focus on your core competency.
About the author: Arun Gandhi has more than 17 years of experience with startups and global brands in the service provider and enterprise segments. He is currently Director of Product Management and Marketing at Seceon, responsible for driving strategic go-to-market initiatives, positioning, customer use cases, and executive engagements with customers & partners.
Source: infosec island