Zzzzz… that’s the sound of IT and security professionals at small and medium-size businesses (SMBs) sleeping soundly at night because they have around-the-clock cybersecurity coverage, many whom allocated some of their limited budgets to managed security services partners.

At least, that’s the sound your SMB should aspire to for your IT and cybersecurity team.

In the realm of cybersecurity, much is written about the varying needs of organizations depending on the industry they’re in, their size (both in terms of number of employees and revenue), their geographic location and more. Five or ten years ago any news of cyberattacks would likely focus on large enterprises – they were the “whales” with the money, people and intellectual property that attracted cybercriminals like moths to a flame.

But today? SMBs now dominate news of ransomware and other cyberattacks: from hospitals and schools, to retailers and manufacturers, the news is full of stories of smaller organizations being brought to their knees by a breach. Bad actors no longer discriminate between the “big guys” and the “little guys”; SMBs are now the primary targets because they often lack the technologies and staffing for adequate cybersecurity protection.

Where, exactly, are most SMBs on their path to cybersecurity maturity today?

Although Pondurance has been providing managed and consulting security services to SMBs for years now, we were interested in calibrating a bit – at taking a deeper dive into the state of cybersecurity maturity within SMBs today. To do this, we commissioned a study from Forrester Consulting to explore how SMBs are evolving their cybersecurity operations practices to protect their organizations and the people they serve. We wanted to know:

  • Do SMBs feel especially targeted by cyberthreats? Are they seeing an increase in the number and types of cyberattack attempts on their organizations?
  • Are they properly equipped with the right cybersecurity resources to address today’s cyberthreats?
  • Do SMBs manage their own internal security operations centers (SOCs), or do they outsource? And do they run them 24/7?
  • Have they been able to hire and keep qualified security experts?
  • Do they rely on outside partners to help fill skills and technology gaps? If so, how much?
  • What are the cybersecurity tools and technologies they believe are critical to improving their detection and response capabilities?
  • If they rely on external partners, what do they need and expect from a partner? What outcomes do they expect for their businesses?

These are some of the questions that are addressed in the study, titled Attackers Don’t Sleep, But Your Employees Need To. Maybe the title gives it away – the study found that, while 81% of small and medium-size businesses surveyed are monitored by a SOC (encouraging!), most–57%–do not operate 24 hours a day, 7 days a week (discouraging!). 67% of respondents’ organizations have 1 to 10 full time employees solely dedicated to cybersecurity and that’s everyone providing security support, including whoever might be staffing a SOC. At the higher end of the SMB category are organizations as large as 2,500 employees and $2 billion in annual revenue, so that’s not a lot of security staffing to protect the business and its people and assets. Round-the-clock security operations coverage can run the limited staff within an SMB absolutely ragged.

SMBs are relying on external partners for both platforms and services to close their people, process, and technology gaps

The 232 U.S.-based cybersecurity operations leaders that were surveyed are practical about where they need help and many are looking to external partners to fill their skills and technology gaps. Indeed, respondents report spending 60% of their cybersecurity operations budget on managed and consulting security services. Sixty-seven percent of respondents “report that engaging external security operations partners is crucial to maturing their security operations practices.”

Pondurance wants to be that partner and as it turns out, the services we deliver – powered by best in class technologies – line up directly with the detection and response investments at the top of many an SMB’s “wish list”. When asked, “In which of the following areas is your organization interested in engaging an external security operations partner?”, these leaders responded that, in the next 12 months, they plan to implement managed detection and response (MDR) (38%), extended detection and response (XDR) (47%) and digital forensics and incident response (DFIR) (48%). Endpoint detection and response (EDR) (31%), a vulnerability management program (28%) and a security information and event management (SIEM) platform (28%) round out the list.

These are just some of the findings in Attackers Don’t Sleep, But Your Employees Need To. In the weeks ahead we’ll dive a little deeper into more of the findings, including what, specifically, SMBs cite as “the most important drivers of engaging an external security operations partner”. (Spoiler alert: Pondurance “checks all the boxes” ;-)) Also, please join us for an enlightening webinar with Lyndon Brown, Chief Strategy Officer with Pondurance, and guest speaker Jeff Pollard, VP Principal Analyst with Forrester, as they discuss the findings of this Forrester Consulting study and provide guidance for achieving the 24/7 SOC coverage required to help SMBs respond to cyberthreats and help their teams get a good night’s sleep. Zzzzz…