Small and midsized businesses (SMBs) are the engine of the recovering economy. According to recent U.S. government numbers, just over 60 percent of the U.S. private sector workforce is now employed by companies with fewer than 1,000 employees. Not only are SMBs significant employers, they are also among the earliest adopters of new technologies.
In general, these companies conduct much of their business over the Internet and are quick to embrace new apps, online payment systems, cloud, and BYOD technologies. Fast adoption of innovations helps SMBs to compete against larger organizations. But their leading role in the economic recovery will be in jeopardy if they cannot enhance their cyber threat defense. Small and midsized companies are at growing risk of being exploited by expert, organized, global adversaries for financial gain.
Adversaries are not just targeting prized assets like customer and employee data, intellectual property, and corporate secrets. Cybercriminals also recognize that smaller companies are a vector into the networks of larger corporations. Some notable attacks on large companies last year were traced back, in part, to smaller business associates that had been hacked. A 2013 study conducted by PwC on behalf of the UK Government BIS Agency found that 87 percent of small businesses had been compromised, up 10 percent from the previous year. Many companies are now mandated by their larger partners to improve their threat defense. Regardless of size, organizations have legal and fiduciary responsibilities to protect valuable digital assets.
SMB technologists understand that cyber risk is here to stay. They do not have the resources to deploy an army of remediation consultants after a breach, and they have many competing, diverse demands on their attention, but they are always seeking cost-effective ways to reduce risk. Traditionally, they’ve relied on either unified threat management solutions, which too often represent a compromise, or multiple point solutions (stateful firewalling, application control, intrusion prevention, and advanced malware mitigation) that impose inordinate complexity and management challenges. But just as they constantly seek out technology innovations to help run their businesses, many that I speak with want more from their network security technologies to help mitigate risk.
If you’re a security professional at a small or midsized company, the following three questions can ensure you get an effective and affordable approach to reduce risk.
1. I’m vulnerable to the same types of attacks as large organizations — is there a way to get the same level of protection as my larger peers, without the complexity? Today’s dynamic attacks can evade even the best point-in-time detection tools, such as legacy next-generation firewalls, UTM solutions, and IPS’s that lack contextual awareness. While these tools are effective at basic traffic inspection, they provide minimal visibility into the activity of malicious threats once they have penetrated the network. Unable to provide total visibility into the network, they cannot adequately help to protect it. When security professionals are blind to the scope of a potential compromise, they are unable to quickly contain threats before they cause significant damage.
And SMBs don't have the staff to build and administer non-integrated approaches. Look for easy-to-manage solutions, purpose-built for an organization of your size, which provide multi-layered protection and full visibility across the entire attack continuum – before, during, and after an attack.
2. We have a limited budget and need to understand the total cost of ownership for any solution. How can I keep deployment and operational costs in check? One way to reduce total cost of ownership is with solutions that integrate multiple threat defense technologies in a single appliance, for example: firewall, VPN, intrusion prevention, application visibility and control, and even advanced malware protection. Solutions providing intelligent automation and contextual awareness help to further reduce operating costs. For example, automated tuning and correlation will help reduce false-positive alerts that can devour staff time. Visibility into known and unknown threats can drastically reduce malware remediation time.
3. The cybersecurity skills shortage affects us all, but midsized companies perhaps even more. I can’t just hire more talent to deal with the problem. How can you help me manage the solution with existing resources? Look for solutions that include centralized management that combines control over access policies with advanced threat defense functions. A unified view of trends and risks will help prioritize monitoring and remediation.
Reducing cyber risk is no longer just a security issue – it is a boardroom issue. Midsized organizations have the same significant threat protection needs as larger organizations. To remain a driving force within the economy, the time is right for SMBs to take a fresh look at their security options. Just as they’ve embraced other technology innovations to advance their businesses, they need a new approach to cybersecurity that mitigates risk to valuable digital assets.
Related Resource: Securing Small Business Backdoors in the Enterprise Supply Chain
Related Resource: Making the Business Case for Advanced Threat Protection