Managed Security Services Shouldn’t Scare the SMB

Written by

The big guys get it. Data breaches are bad. Robust cybersecurity is good. That makes sense, given that the costs associated with data breaches are rising along with the number of attacks.

According to one industry report, there has been a 12 percent increase over the last five years in the costs incurred from data breaches, and companies are spending an average of $3.92 million per incident on cleanup.

Leaders within smaller businesses often view these large-scale numbers as not applicable, however. After all, they don’t operate at anywhere near the big guy’s level.

Businesses like Target can deal with these major financial hits for years, but they still withstand them. A breached small or mid-sized business (SMB) often doesn’t fare as well. 

In fact, new National Cyber Security Alliance research has found that after experiencing a data breach, 25 percent of SMBs filed for bankruptcy and 10 percent went out of business.

Cybersecurity must become an SMB priority
Businesses must, regardless of size, prioritize cybersecurity and equip themselves with a robust cybersecurity program. Unfortunately, SMBs tend to outsource to a managed IT services provider with the expectation that this simultaneously covers their cybersecurity needs. 
 
Another side of the coin is the SMB that manages its security program entirely in-house. In a recent survey of IT and cybersecurity pros, 53 percent said their own staff handles all things cybersecurity. Those that manage their own security (as opposed to hiring an outside expert) are more vulnerable to a data breach and are less likely to know if a security incident has occurred or is actively occurring. SMBs with in-house security programs point to three main barriers to effectively protecting themselves

  1. A shortage of staff with cybersecurity-specific expertise and skill sets;
  2. The cost and complexity of building in-house security operations;
  3. The inability to support 24x7 threat detection and response. 

  
To put it simply, effective cybersecurity comes down to skills, money and time. 
 
Why are SMBs afraid to pull the trigger?
As the bigger businesses tighten up their security measures, cyber-criminals are moving downstream to the less-sophisticated SMB. Business leaders must ensure they stay one step ahead, while at the same time optimizing the skills-money-time ratio. 
 
The best programs are from companies that specialize in managed security, since like any highly technical service, expertise and bandwidth is required to ensure a business is properly secured from data breaches. Many SMBs, however, are waiting too long to have the conversation.

For SMBs, perceived costs of such a service are truly the elephant in the room. The fact is that it is far less costly for the business to proactively invest in cybersecurity than it is to pay the costs associated with breach recovery. In many cases, the business finds it can streamline its technologies and processes to the point that they are actually saving money.

When a business hires an MSSP, its management can expect that provider to develop an individualized program to make sure the business is protected. That plan should include 24x7 watch on a business’s systems. There are now MSSPs with a cost-effective solution for the SMB.

With this level of support, detection of a data breach can happen within minutes or even seconds (the average security breach remains undetected for three to nine months). This near-instant response helps the SMB minimize damage and ensure uninterrupted service to customers. 
 
Now is the time to secure the SMB
The MSSP’s perpetual focus on cybersecurity enables the SMB to operate with peace of mind. In addition to providing a sense of comfort and removing stress, farming out cybersecurity management—especially for managed threat detection and response—leaves a company free to focus on its actual business without distraction from pressures beyond its core capabilities.

Cyber-criminals and their tools are constantly on the prowl. SMBs need to do everything possible to protect their data. The MSSP model is now in financial reach for the SMB, such that there are no barriers to keeping their data safe.

What’s hot on Infosecurity Magazine?