Cyber security needs for small and midsize businesses (SMBs) have never been more demanding. Threat actors continue to escalate their targets and increase their level of attack sophistication against them. Unfortunately, the economics of cybercrime have advanced to a point where SMBs are profitable, relatively easy targets that face an overwhelming number of cyber threats.
Further exacerbating things, no other sector has been as disrupted by shifts in buyer behaviours and budget anxieties brought on by COVID-19. Remote workforce devices—not to mention the users of said devices—have become more attractive as exploitable targets. According to IDC’s July 2021 Future Enterprise Resiliency and Spending Survey, Wave 6, “75% of IT decision-makers with organizations that experienced one or more ransomware incidents in the past 12 months indicated that significant extra resources beyond what internal staff handled were required to rectify.”
While these shifts have accelerated their digital transformation, SMBs also face increased vulnerabilities and requirements for mounting an adequate defence.
2022 may usher in radical yet progressive changes for underserved SMBs. To help alleviate your cyber security constraints, it’s vital to consider different approaches to strengthening your overall security posture. It’s increasingly critical to assess ease of use and integration challenges, and to consider holistic security technologies that significantly strengthen your security posture along with the option of managed services.
Here are five key trends that will shape cyber security in 2022, along with insights for how you can best respond to these shifts and bolster your security posture.
1. Cyber security resources shift from internal to external managed
While SMBs are unlikely to have security analysts in-house, they do have resources dedicated to managing and protecting their IT infrastructure and digital assets. SMBs often lack the financial and security resources necessary to effectively utilize security technologies.
Engaging with multiple security vendors to address their security needs simply isn’t an option. For many, this is becoming an untenable and costly burden to manage with the increase in exploitable targets and cyber criminals’ attack focus on SMBs. To combat these threats, businesses must look at alternative options to manage and reduce the risk to their business continuity. Simplicity without sacrificing security efficacy in thwarting threats is critical for SMBs.
2. The continued rise of managed service options for managing cyber security
Continuing from our first trend, experienced security professionals are necessary to produce maximum return on SMBs’ cyber security requirements. Managed Service Providers (MSP) or Managed Security Service Providers (MSSP) have the experience needed to help meet SMBs’ current needs, budget, and flexibility to adjust for changing circumstances. Managed service options are well-positioned to provide customized solutions and respond to ever shifting and evolving demands.
3. Cyber security services will accelerate to proactively prepare for and combat threats
Increasingly, SMBs are turning to external services to enhance their cyber security posture and proactively prepare for potential attacks. Cyber security maturity assessments are a viable means to determine gaps or shortcomings an organization’s level of protection. These assessments often include prescriptive guidance and actions for remediating them.
Incident response (IR) preparedness is another service under significant demand which helps businesses plan for a security breach. The need to have a well-rehearsed IR plan is quickly becoming table stakes as government-mandated regulations are quickly taking aim at the enterprise level; this will inevitably cascade to SMBs.
Having an IR program may soon be a business requirement to mitigate the damage caused by the wide-range effects of data breaches, including reputational damage, financial loss, customer attrition, and regulatory fines. Assess these capabilities within the context of your overall business cyber-resiliency plans.
4. SMBs will continue to seek cost optimization and consolidation with their cyber security solutions
With increasingly complex threats comes an almost exponential growth of cyber security solutions and options to address them—many of which require tedious amounts of work to adequately integrate, support, and manage. SMBs face a heavy burden, needing to secure everything from operating systems and mobile devices to physical and virtual servers and cloud workloads.
As such, security solutions must be adequately equipped with capabilities that will deliver effective holistic or unified management for all threat surfaces. This includes endpoints, networks, cloud services, email servers, and web gateways. Look for cost-effective solutions that cover all threat vectors to strengthen your security posture. Conducting routine proof-of-concepts should help to ensure already limited security budgets are well spent.
5. Cyber security automation augmented by human experts
The most efficient cyber security should automate wherever possible and add human intelligence (in a scalable way) where even the most sophisticated artificial intelligence or machine learning can’t be relied upon to identify indicators of compromise. This combination will be required to proactively address vulnerabilities, minimize the threat surface, and efficiently stop attacks.
Examples of this automation include active or automated blocking techniques, cross-correlating relevant telemetric data, risk-rated responses, and portals or dashboards with automated remediation actions. However, human engagement is an absolute necessity in decision-making processes, less so during certain investigatory processes. When emerging threats arise, automation needs to be augmented by human oversight. This, in turn, will reduce alert fatigue and false positives. It also simplifies the process for SMBs to remediate alerts while offering clear oversight on the health of their overall security posture.
Each of these five trends will play a major role in shaping the cyber security throughout the coming year. Staying informed and aware of how each may impact your own organization can help you navigate through uncertainty while enhancing defences.