Global market intelligence firm IDC recently released a report exploring the stark reality that small and midsize businesses (SMBs) must approach cybersecurity differently than large enterprises—and it often includes choosing the right partner with the right managed security service.
The IDC Analyst Brief, sponsored by Field Effect, Small and Midsize Businesses Need a New Cybersecurity Game Plan, was authored by Michael Suby, the Research Vice President in IDC’s Security and Trust research discipline. Mr. Suby concentrates on endpoint security and engages in topics spanning a wide and evolving spectrum of security and trust areas in collaboration with IDC team members.
The information in this report is intended to empower MSPs to become the security partner their customers and prospects want to work with. The analyst brief is a must-read for MSPs delivering managed security to the SMB market, starting with its explanation of the three cybersecurity challenges unique to smaller businesses.
1. SMB digitalization permits more damaging cyber attacks
Business operations are more digitalized than ever. Consider all the cloud-based tools the average company uses for collaboration, communication, and general productivity—especially now, as remote and hybrid work environments have skyrocketed. SMBs are increasingly digital-dependent, which offers its conveniences, but also allows cyber attacks to severely disrupt operations and cause serious damage.
Look at ransomware, for example. According to an IDC survey conducted in December 2021, 55% of organizations experienced a ransomware attack that blocked access to systems or data during the year. Of those affected, 70% experienced disruptions lasting two or more days.
A GetApp survey of 300 ransomware victims found only 11% of respondents reported their ransom payment was the most damaging part of the attack. Besides that direct cash loss, ransomware attacks typically bring normal business functions to a standstill, leading to reduced productivity, lost revenue, and relationship damage. Among those that paid the ransom from the survey above, 70% said the attack severely impacted productivity.
2. Cyber criminals have narrowed in on small businesses
The cybercrime black market has reduced the cost, time, and skills needed to launch an attack, meaning nearly anyone with a computer and a bit of determination can become a hacker. Naturally, this growing competition has also pushed cyber criminals to move their targets downstream.
AdvisorSmith, a leading information source for small business owners, recently conducted a survey of over 1,100 small business owners and managers to understand their experiences with cyber attacks and security. The firm found that almost 42% of small businesses experienced a cyber attack in the last year. What’s more, a whopping 70% are concerned they will face an attack in the upcoming year.
These attacks are happening, in part, because most cyber criminals are money motivated. Yes, some cyber attacks stem from boredom, others from political or ideological differences; however, no business is too small a target if there’s profit to be made. Backed by tools and automation, threat actors can now attack dozens of smaller targets simultaneously, rather than one single large organization.
3. Cybersecurity has become too complex and costly
Due to increasing cyber risk and attack damage, businesses often think they’re better off augmenting their standard cybersecurity tools, including firewalls and antivirus software, with more solutions.
However, every new tool absorbs more budget and time. This goes beyond the upfront or recurring monthly fees for the technology itself, extending to the cost to hire trained and qualified personnel to handle the deployment and ongoing management of the technology.
Even if companies have a budget for cybersecurity staff, the demand for cybersecurity talent is far greater than the supply. One study found that, while the global cybersecurity workforce grew by about 25% from 2019 to 2020, there is still a significant skills gap. In many cases, building an internal security team simply may not be possible.
Despite this, having a cyber security expert isn’t optional. No matter how intelligent or advanced, technology can’t run itself. Companies need the right people to monitor their dashboards and sift through data or alerts to determine where there’s cause for concern to reap the full benefit of their purchase.
What do these challenges mean for managed security services?
These are lingering challenges for SMBs. The cost of launching cyberattacks is trending downward, yet the likelihood of being attacked is trending upward along with the licensing and staffing costs to build an effective defence.
While organizations of all sizes face these barriers, they are particularly acute for SMBs. Smaller businesses require the same enterprise-grade cyber protection as larger organizations but often cannot justify the enterprise-grade price tag. To that end, a new game plan is necessary.
The game plan focuses on four pillars, starting with maintaining an asset inventory. Assets with weak protections are a golden opportunity for threat actors to exploit. If the bad guys find the assets first, it’s already too late.
The report goes on to explain that this game plan does not eliminate the need for cybersecurity talent and technology—the best option is to find the right security partner.
For MSPs, this is an opportunity. It’s a chance to truly understand your target market’s challenges and what they want, expect, and deserve from a security partner. With that in mind, you can position your managed security service to fill that need, not only making you a more attractive and ideal partner but also resulting in safer, happier clients.
Read the full IDC Analyst Brief to learn more about the four-pillar game plan that IDC suggests, as well as what SMBs should look for in a security partner. Download Small and Midsize Businesses Need a New Cybersecurity Game Plan today.