Editorial Note: We earn a commission on partner links on Forbes Advisor. Commissions do not affect the opinions or ratings of our editors.
Over the past year, small businesses have faced the many challenges of the pandemic, changes in business models and supply shortages in hiring and retaining employees. In addition to these pandemic challenges, SMEs also face a growing business risk: cybersecurity incidents.
Cybercriminals often target SMBs because of the limited security and training resources that make these businesses vulnerable. According to a study, Verizon found that 61% of all SMBs reported at least one cyber attack in 2020, with 93% of small business attacks focusing on monetary gain. Unfortunately, this forces many SMBs to shut down after an incident due to the high costs incurred in a cyber attack.
Cyber security is no longer just “nice to have” for SMBs, but many business owners don’t know where to start. And while measures like a VPN or an antivirus system can help, they are not enough on their own. Managed Security Service Providers (MSSPs) are a valuable resource for SMBs, enabling them to bring the expertise to secure infrastructure that they may not be able to afford in this highly competitive job market.
When looking for an MSSP, hundreds of options often leave businesses overwhelmed. To learn more about the value MSSPs should and can deliver, I spoke with Frank Rauch and Shay Solomon from Check Point Software Technologies.
Koziol: What should small and medium business owners look for when selecting a cybersecurity MSSP? What are the must-haves and must-haves?
Rauch: We live in an age when businesses, especially small and medium-sized businesses, cannot afford to leave their security to chance. SMBs are a prime target for cybercriminals because they inherently face the expertise, resources, and IT budget to protect themselves against today’s sophisticated cyber attacks. Today we are experiencing the fifth generation of cyber attacks: large-scale, multi-vector mega-attacks targeting businesses, individuals and countries. SMEs should look for a true leader in cybersecurity. They should partner with an MSSP that can cover all sizes of customers and all use cases. To make it easier for you, we can focus on three key areas:
- Security. The best MSSPs have security solutions validated by renowned third parties. They must prove their threat prevention capabilities and leverage a large database of threat intelligence that can help prevent threats at any time.
- Capabilities. MSSPs are expected to offer a wide range of solutions, regardless of size, from large enterprises to small businesses, data centers, mobile, cloud, SD-WAN protection, to IoT security. Having this wide range of expertise will ensure that your MSSP is ready to cover your business in any case.
- Individualized. This is perhaps one of the most critical areas. Your MSSP should offer flexible growth-based financial models and provide 24/7 service and support with real-time prevention. Collaborative business processes and principles will ensure long-term success and security.
Koziol: How can SMEs measure the interest of using an MSSP? Or, the risks of inaction?
Rauch: The biggest telltale sign of a match made in Heaven is if you receive your security needs through one supplier. Otherwise, these options exist! Getting the best security from an experienced and leading vendor can reduce costs, simplify, support, and ensure consistency across all products. This ranges from simply protecting your sensitive data to ensuring that you can secure the business through a centralized security management platform. How can you protect what you can’t see?
It makes sense to keep tabs on how many cybersecurity attacks you’re preventing each month. How long does it take you to create, modify and manage your policies? Do you grow as you wish? Can you adapt on the fly if need be? Are your connected devices secure? These are just a few examples that you should be able to measure with ease.
Koziol: How has the shift in remote / hybrid workforce changed the way cybersecurity MSSPs support SMBs?
Rauch: The shift to a broader practice of working from home has caused attackers to move their attacks outside of their network. It is more important than ever for MSSPs to provide their SMBs with a comprehensive portfolio (endpoint, mobile, cloud, email and desktop) that allows them to reliably connect, scale quickly, and stay protected. , whatever the environment.
The best MSSPs should have been ready for this day. Anytime, day or night, your organization can fall victim to devastating cybercrime. You can’t predict when cyber attacks will occur, but you can use proactive practices and security services to quickly mitigate their effects or prevent them altogether. The shift to a hybrid workforce has exposed the flaws in the existing security infrastructure.
On the positive side, security incidents provide an opportunity to thoroughly reassess and improve information security programs. They show threat vectors that we had previously overlooked and educate the entire organization about improving existing controls or implementing new controls. So, at the very least, this change was an eye opener for MSSPs.
Koziol: Should MSSPs offer security awareness and training as part of their offering? Why?
Solomon: Absolutely yes. Ultimately, knowledge is power. Cyber attacks evolve, and training can help protect and train SMB employees. According to a VIPRE study, 47% of SME executives said data security was their top concern. At the same time, many SMEs lack sufficient skills and capacities to improve security themselves.
The only way to effectively fight cybercrime is to share experiences and knowledge. Due to the cybersecurity shortage, Check Point Software, with 200 global training partners, recently announced a free cybersecurity training program called Check Point Mind. It offers numerous cybersecurity training and awareness programs to give SMEs (or any business) the opportunity to expand their skills with comprehensive cybersecurity training programs led by world-class professionals.
Koziol: How can working with an MSSP on security awareness improve the overall security posture of a company?
Solomon: Raising employee awareness is a crucial step that is often overlooked. Employees must be able to identify a phishing attempt and know how to respond. In our experience, we see a majority of employees attacked using emails. They receive an email that looks like an official email from someone in authority, asking them to open attachments or click on a link with malicious intent.
If employees take a training course that teaches them what to look for in an attack, it will surely reduce their risk of falling victim to a phishing attempt.
Koziol: What questions should SMEs ask their current or future MSSPs about cybersecurity?
Solomon: Based on what has been mentioned earlier, it is never too late to reassess and improve information security programs. Asking questions and investing in a better security posture shows us threat vectors that we could have previously overlooked and educates the entire organization on the need to improve existing controls or implement new controls. SMBs should proactively approach their MSSPs to ensure they get value for their money, security solutions that require minimal configuration and simple integration. In addition, they should ensure that they are taking the appropriate actions when evaluating the security architecture, advanced threat prevention, endpoint, mobile, cloud, email, and desktop. .
Koziol: What future for MSSPs in the field of cybersecurity? What should small business owners expect next?
Rauch: One of the key areas that we will see continued growth is the need for a next-generation cybersecurity solution that enables organizations to proactively protect themselves against cyberthreats: incident detection and response management. As attacks continue to evolve and multiply, unified visibility is essential across multiple vectors that a cyber threat actor could use to attack a network.
A common challenge that we see is an overwhelming volume of security data generated by an array of stand-alone point security solutions. What is needed is a single dashboard, or in other words, unified visibility, which enables a lean security team to maximize its efficiency and effectiveness. SMEs should take the opportunity to verify security investments. The highest level of visibility, achieved through consolidation, will ensure the best efficiency.
There is no doubt that cyber incidents will continue to increase. For SMEs, the stakes have never been higher when it comes to cybersecurity. When looking for an MSSP partner for your organization, keep in mind not only how they can manage your technology stack and help you respond to a cyber incident, but also train your employees and put proactive measures in place to prevent an attack from occurring. happen. An MSSP that matches your organization, security strategy, and training approach is invaluable as SMBs seek to protect their business, data, and employees.