In 2021, 40% SMBs have suffered a security breach in part because they are low-hanging fruit and attractive targets for moving into the larger game. Michelle Drolet, CEO of Towerwall, explains how SMBs can reduce risk and improve their cybersecurity posture with essential foundational protections that include managed detection and response, endpoint detection, penetration testing, and outsourcing safety leadership.
Cyberattacks against small and medium-sized enterprises (SMEs) increase by more than 150%, reaching 31,000 attacks per day. Last year, 82% of all ransomware attacks targeted SMBs. They also experience 350% more social engineering attacks than large organizations.
The pandemic has dramatically increased the digital footprint of most companies as employees transitioned to remote work outside the traditional scope of the company. SMBs typically have limited investments in cybersecurity, are often understaffed, and are more concerned with the health of the business than cybersecurity risk. SMBs also serve as an entry point to larger partners or supply chain organizations that provide cybercriminals with higher value targets.
Learn more: Cybersecurity specialist: main skills required and salary expectations
How SMBs can improve their cybersecurity defenses
SMBs face the same threats as large enterprises, but face limited security resources, budgets, and talent. Organizations that outsource to an experienced security partner can make up for the lack of expertise and resources. Below is a set of essential security services (limited, not exhaustive) that SMBs can leverage from an outsourced provider to bolster their defenses:
1. Managed Detection and Response (MDR)
A Security Operations Center (SOC) is a centralized function comprised of an information security team that monitors, analyzes, detects and responds to cybersecurity incidents 24/7. Building and maintaining such a SOC can cost millions of dollars each year, which is why nearly 70% of SMBs do not have an internal SOC and are unable to provide 24/7 security coverage. To overcome this challenge, companies can benefit from the MDR services of an experienced cybersecurity provider who can remotely detect, analyze, investigate and contain threats as they emerge. In an MDR service, data is recorded and analyzed by trained cybersecurity professionals who provide 24/7 monitoring and incident response services. Some MDR providers even offer breach warranty protection through their cyber insurance, which can give SMBs extra peace of mind in the event of a successful cyber attack.
2. Endpoint Detection and Response (EDR)
SMBs have hundreds of endpoints, including desktops, servers, laptops, mobile devices, and Internet of Things (IoT) devices (like CCTV cameras, air conditioning systems, etc. ). Every endpoint is a potential entry point for a deadly cyberattack. Endpoint protection platforms such as EDR can help monitor endpoints to detect suspicious activity in real time, identify threat patterns, analyze them, and contain or report them if necessary. If an organization lacks the resources to manage EDR itself, the technology is manageable remotely through a centralized console. This enables continuous monitoring and SMBs can proactively defend against zero-day malware and targeted attacks. Even some cyber insurers now require companies to have EDR protection before approving new policies.
3. Penetration testing
Businesses can reduce costs and mitigate threats through early detection. Penetration testing (or “pentesting”) is a simulated cyberattack that applies a stress test to networks, applications, or environments to identify weaknesses, flaws, and vulnerabilities. Most SMBs skip this step because testing can be expensive and time-consuming. However, when considering the direct or indirect costs associated with a cyberattack, SMEs spend on average $38,000 in direct costs plus an additional $8,000 in indirect costs – pentesting makes sense. Pentests can be customized to meet individual requirements, work both internally and externally, and focus on specific areas such as wireless, cloud, applications, or social engineering. It is also advisable to regularly perform a vulnerability scan of the entire attack surface of your environment (servers, endpoints, cloud environments, etc.). This ensures that the organization is running the latest security updates and patches, which minimizes the number of vulnerabilities that cyber attackers can exploit.
Learn more: Manage cybersecurity needs when talent is scarce and alerts are overloaded
vCISO to the rescue
The ever-increasing demand for cybersecurity services is fueling the demand for cybersecurity executives who can operate at the strategic level. Organizations need senior leaders who can lay the groundwork for policies and procedures, guide them on various aspects of data privacy, governance and compliance, and set the tone for a cybersecurity culture. That said, finding and retaining a full-time security manager can be a major challenge – these people are hard to find, expensive, and suffer from high turnover. Also, most SMBs don’t need a full-time CISO or CSO. Organizations must therefore be creative and find a way to provide leadership without straining their finances or investing in inadequate security tools. vCISOs (virtual chief information security officers) can be hired on demand and without the overhead of a full-time manager. They can be hired on a retainer basis for a set number of hours or on a project or incident basis.
Since vCISOs are industry veterans with deep domain knowledge and hands-on expertise, they don’t need training and can immediately step in and fill the leadership void.
If an organization is looking for help with cyber insurance, vCISOs can help analyze the current state of security controls, help select new policies, review existing ones, and help manage the claims process.
The threat surface becomes vast and complex as the world moves towards hyper-connectivity. Businesses, especially SMBs, will always struggle to balance budgets, resources, technology, and growth. Organizations must therefore think creatively with cybersecurity, to do more with less, but never compromise. This is where cybersecurity services can be a game changer for SMBs.
What cybersecurity services have helped your organization stay secure? Share with us on Facebook, Twitterand LinkedIn. We would love to hear from you!