Jay Ryerse at ConnectWise considers how smaller businesses are as much at risk from cyber attacks as larger enterprises are, and how engaging with IT Managed Service Providers offers a way forward.
2020 has been an unpredictable year. Across the globe, organisations have had to adapt to new remote working environments, virtually overnight - and with businesses more reliant on being digitally connected than ever before, cyber-criminals have taken full advantage.
However, whilst the majority of cyber attacks that make the headlines concern larger organisations, the reality is cyber-criminals don’t discriminate by business size. In fact, small and medium-sized businesses (SMBs) are a key target for attackers, the aftermath of which can have a devastating effect. Prior to Covid-19, SMBs faced more than 10,000 cyber attacks every day, and as organisations have had to grapple with new remote business frameworks, these show no sign of slowing down.
ConnectWise have recently released a cyber-security report, which surveyed 700 IT and business decision-makers in SMB organisations across the UK, the US, Canada, Australia and New Zealand. The report reveals how businesses are viewing cyber-security in the post-pandemic world. Here are four key takeaways from the report:
1. Cyber-security investment is on the rise
Encouragingly, whilst organisations have had to focus on managing the shift to remote working, cyber-security continues to be a top priority for SMBs. In fact, our report found that 86% of SMBs have cyber-security within their organisation’s top five priorities.
Not only are businesses already investing in cyber-security, but nearly three-quarters of SMBs plan to invest more of their budget within the next year. Furthermore, over half of SMBs believe that greater investment in cyber-security will reduce their organisation’s risk levels.
2. The skills gap remains a top priority
Whilst cyber-security still remains a top priority for SMBs, many organisations are confronted by a massive shortage of candidates with the relevant skills. A widespread cyber-security skills gap was reported, with over half of SMBs agreeing that they had a lack of the in-house skills needed to deal with security issues. To counter this, a greater and continued investment in cyber-security education is needed moving forward.
3. The skills gap is driving outsourcing
On a positive note, the skills gap does help to drive the adoption of outsourced services, which creates greater opportunities for IT Managed Service Providers (MSPs). Nearly 6 in 10 SMBs determined that the majority of their cyber-security needs will be outsourced within the next 5 years. Furthermore, many of those see an increase in cyber-security expertise as an added value of working with an MSP.
4. SMBs want their MSPs to be cyber-security fluent
In an increasingly competitive market, lack of cyber-security expertise can have serious implications for MSPs. Ninety-one percent of SMBs said they would consider using or moving to a new IT service provider if they offered the ‘right’ cyber-security solution. For most, this means being confident that their provider will be able to effectively respond to cyber attacks and minimise any possible damage.
Learning from cyber-security research
It is critical that MSPs focus on educating their teams on how to deliver the right cyber-security solutions. Ultimately, keeping up to date with trends and threats, and increasing their service offerings, will be mutually beneficial: providing SMBs with the protection they desire, while MSPs retain and gain customers.
Whilst the majority of SMBs would consider moving to a new IT service provider if they offered the ‘right’ cyber-security solution, they may favour a do-it-yourself approach when set against the cost of employing an MSP. However, whilst this can offer adequate protection to SMBs when following cyber essentials, as new threats arise, small businesses often don’t have the time or the manpower to consistently adjust their security posture.
SMBs tend to only purchase the minimum security functionality they require. This is not only due to cost concerns, but also for the purposes of ease of use and a desire not to lose valuable revenue-generation time undergoing various security authentications.
It is vital that small businesses are shown in great detail exactly why they need to adhere to a strict security policy that demands these measures. The MSP community can help educate and offer SMBs the tools to do so. And, this study reveals a greater desire for SMBs for just that.
2020: a year of cyber-change
We cannot ignore the impact that Covid-19 has had on MSPs and their clients. Whilst the increase in cyber attacks did not significantly impact respondents’ views towards prioritising cyber-security, three quarters (79%) of SMBs did express concern with potential breaches of remote devices and employees.
Whilst remote working practices are of a concern to SMBs, they also present new areas of growth for MSPs. There is increased market opportunity for those service providers who participate in ongoing cyber-security training, build close relationships and instill confidence with their clients. Ultimately, MSPs who can effectively balance between people, processes and cyber-security technology will be strongly positioned for growth post-pandemic and beyond.
Cyber-security is not a quick fix. Businesses need continual education on cyber hygiene and policy reinforcement. Whether this is to improve an SMB’s cyber-readiness, or to inform and converse with customers about best cyber-security practice: it’s an ongoing process that requires maintenance.
Jay Ryerse CISSP is VP of Cyber-security Initiatives at ConnectWise.
Main image courtesy of iStockPhoto.com