SMBs Cite “Time and Resources ” as a Main Hurdle for Cyber Security

Posted by Rocco Donnino on Tue, Jun 11th, 2019

Today, the bad guys see small/midsize businesses as low-hanging fruit because they typically have only basic security precautions in place, lack the time and in-house staff equipped to deal with serious IT threats. Growing SMBs struggle to find time for any large IT project, but cybersecurity requires patience, time and effort to be done right. A lack of time can be dangerous to the efficiency and effectiveness of an SMB’s cybersecurity, but the right tools can reduce IT overhead. A new study found that although SMB budgets for cybersecurity have risen 14% this year, SMBs still struggle to find the time and resources to properly deploy cybersecurity services that protect privacy and defend against the latest threats.

Moving Towards Better Cyber Security, By Way of The Cloud

The survey polled 250 small-to-midsize business IT and security directors about their cybersecurity challenges. The results found that although budgets continue to rise, most companies lack the resources and time to properly set up security defenses. One clear issue is that 89% of executives indicated that only one person was in charge of IT security and planning infrastructure deployment. For growing SMBs, this lack of human resources could be devastating due to the lack of awareness over the latest threats and defenses, or the inability to manage the right threat defenses due to lack of resources

Security planning and deployment is often a collaboration of professionals that pool their personal experience to find the right balance of convenience and cybersecurity restrictions. Without professionals that can brainstorm, an SMB could be unaware of weaknesses and vulnerabilities in their systems. Managed service providers using cloud services and advanced security are well-positioned to assist SMBs in improving their security in the cloud and on-premises — especially when SMBs are further challenged by lack of resources. 

According to the latest Deloitte Tech Trends report, the economic impact of the classic in-house role has been estimated to take up as much as 70% of a company’s IT budget just to keep business-critical systems working. Added costs for resources and new tools to a small business’s tech stack is always a topic of concern to owners. However, hiring a trusted advisor to manage their security stack and moving to the cloud makes operations significantly more affordable for small businesses. Outsourcing can give rise to the win-win scenario of saving time and money for SMBs, not to mention improving team productivity. Although switching to the cloud may come with slight upfront costs such as installation or migration, in the long run, it will save small businesses a lot of money.

Email -Still Mission Critical

It is always of interest to cut costs and maximize efficiency wherever possible for all businesses. Protecting your email, productivity and collaborations systems should not be one of them. Of any attack vector, email is a primary focus for cybercriminals due to the large attack surface and efficiency in spreading malware, ransomware and phishing attacks. Many SMBs use cloud email and productivity services such as Google G-suite and Microsoft 0365 for ease of use and cost savings. These organizations provide great collaboration tools, but the email security technology that is included in these services often are basic and lack the sophistication and advanced features necessary for stopping todays advanced persistent malware threats, spoofing and phishing attacks.

Microsoft offers an add on security service called Advanced Threat Protection (ATP) which is very costly when compared the cost of 0365.     Adding additional cybersecurity to any email systems should be an important part of an organization’s security stack and budget, but it doesn’t need to break the bank

Email is mission critical for SMBs, but managing it is time-consuming as well. 24/7 support and threat protection are expensive for an SMB to maintain, and this is where companies are turning to MSPs to help relieve some of the IT overhead and support costs. In a recent report, 77% of the businesses surveyed expect to outsource at least half of their cybersecurity needs in five years’ time. In the near term, 78% are planning to invest more in cybersecurity in the next 12 months. MSPs have an incredible opportunity to offer more advanced security tools and offer thorough weekly coverage that will lower the risk of a successful cybersecurity breach due to email threats and malware.

Sandboxing and Anti-Spoofing Tools are a Must

It’s been recently reported that cyber attacks cost small businesses $53,987 on average. Today’s sophisticated threats need sophisticated defenses for strong cybersecurity posture for email systems. Phishing, malicious attachments, and social engineering attacks focus primarily on tricking users, and it only takes one slip up for an SMB to fall victim to a major data breach. Sandboxing and anti-spoofing are a must to stopping many of these attacks

Attackers often user lookalike sender addresses to trick users into opening attachments or sending network credentials to an attacker-controlled server. With anti-spoofing procedures (e.g. DMARC), attackers are unable to get the message to the user’s inbox. The messages are scanned on the server and quarantined if they do not meet the DMARC rules set by the administrator.

Add sandboxing to the cybersecurity mix and attackers can virtually never reach a user’s inbox. Sandboxing is used to quarantine email with attachments that could be malicious. Instead of permanently deleting email, email security with sandboxing will place the message and attachment in a secure location until the administrator is able to review it. Sandboxing combined with anti-spoofing can fully protect a user’s inbox from phishing, malicious attachments, and any social engineering that requires email communication.

SMBs Should Not Settle for “Basic Security”

99.3 percent of all private business in the US are small businesses and are prime targets for the bad guys. Basic security isn’t enough for SMBs, especially with the onslaught in phishing, zero-day threats and malware attacks as well as IT resources and time restraints organizations face when it comes to cybersecurity.

Security vendors that provide sandboxing and anti-spoofing as an add on premium package to their email security solutions, continue to run up unnecessary costs for SMBs and MSPs that support them. Even email and productivity leaders such as Microsoft offer costly email security extras with some prices as high as $1.50 per user per month. At TitanHQ, we feel that it’s “table stakes” to include this level of advanced security in our email security service without selling it as a separate line item and it’s exactly how we feel the needs of the SMB audience should be met. For the Managed Service provider who services SMBs, the ability to have a secure, multi-tenant, scalable, easy to run private cloud instance at an affordable price point has proven that their customers can focus on what’s important to them … their business!