This blog is the fourth in a series that explores specific findings from Attackers Don’t Sleep, But Your Employees Need To, a Forrester Consulting study recently commissioned by Pondurance.
For small and medium-size businesses (SMBs), digital transformation has been both a revolution and a source of great challenges. Cloud technologies and Internet of Things (IoT) devices have helped create efficiencies in product and application development and have even helped boost the productivity of a growing remote workforce. But these advances have also created an expanded attack surface for cybercriminals, and the complexity of modern, hybrid networks requires a sophisticated technology stack, a high level of expertise to manage and monitor your environments and around-the-clock threat hunting.
In many cases, SMBs have a lot more at stake than their enterprise counterparts when it comes to cyber threats since larger enterprises tend to have the cash to make ransom payments and the resources to reconstruct breached networks and counterbalance bad public relations. Any of these could sink a smaller business outright, and the lack of resources and budget to elevate their security posture is precisely what make SMBs favorable targets for bad actors. It’s no wonder 75% of the respondents in the Forrester Consulting study Attackers Don’t Sleep, But Your Employees Need To indicate they have seen an increase in attempted cyberattacks over the last three years.
As SMBs become more attractive targets, it is becoming clear that traditional, reactive cybersecurity practices are no longer viable options. But closing that gap is not easy. In fact, according to respondents, 36% struggle to provide their employees with the right tools to perform their jobs most effectively, and even if they could, 42% lack the skills and expertise to operate them.
And what’s worse, 67% of respondents have fewer than 10 employees solely dedicated to cybersecurity. This means they do not have the resources to maintain a 24/7 monitoring posture, reactive or otherwise!
Many SMBs are in the early stages of cybersecurity maturity and are painfully aware of what they are lacking. According to this Forrester Consulting study, money and people are what they need to mature their security posture, so where do they turn when those things are in short supply? Where do they even start?
Partnerships with service providers can fill the gaps
Fortunately, there are partners out there offering Managed Detection and Response (MDR) services designed to provide relief in the very areas where SMBs struggle most. Knowing they must mature their security programs to mitigate risk and support growth, and knowing what it takes to do so, SMBs are turning to external partners to elevate their detection and response capabilities. In fact, 67% of respondents report that engaging external security operations partners is crucial to maturing their security operations practices.
In the next 12 months, the top services and tools respondents plan to implement are MDR services (38%), extended detection and response (XDR) platforms (47%), and digital forensics and incident response (DFIR) services (48%). The combination of technology and service is important because tools can help existing employees increase their efficiency, but getting the most out of those tools requires a level of expertise many SMBs don’t have. Support services bring both expertise where current staff may be lacking and expanded bandwidth with the service provider’s security operations center (SOC) acting as an extension of the SMB’s internal team.
The Attackers Don’t Sleep, But Your Employees Need To study reaches the conclusion that, “SMBs face the same threat landscape as larger companies, but with more limited people, budgets and skill sets.” Countering these threats requires 24/7 detection, a modern tech stack and the expertise to manage those tools and respond to threats. Respondents in the SMB community understand this and expect to see significant results from their cybersecurity partnerships, specifically increased customer trust (49%), reduced risk (47%), increased revenue (45%), improved efficiencies (44%) and increased employee engagement (44%).
Those high expectations precisely articulate the value the right cybersecurity partner can bring to your business, but as we always say here at Pondurance, not all service providers are created equal. Knowing you need a partner is a great first step to cybersecurity maturity, but choosing one that supports your specific needs is just as important. At a minimum, you need 24/7 monitoring, a modern tech stack and the expertise to detect and respond to threats rapidly and efficiently. Some providers out there can give you that, but selecting one that caters to your specific challenges can not only help you fill the gaps and mature your security program, it can stimulate growth across your organization!
We encourage you to do your research and check out Attackers Don’t Sleep, But Your Employees Need To to learn more about how you can navigate modern SMB cybersecurity challenges with the right partner.