Small and medium-sized businesses (SMBs) are the biggest targets of cybercriminals, and they often don’t have the necessary budgets, people, processes, and products to protect themselves. Because of this, SMBs are increasingly turning their cybersecurity protection over to managed service providers (MSPs).
More than 40 years after the invention of the personal computer, it is astounding that we still need World Backup Day. This year’s event, which takes place on March 31st, the day before April Fool’s Day, ‘is a day for people to learn about the increasing role of data in our lives and the importance of regular backups.’ Here’s the key takeaway: You need to regularly back up your data because the chances of losing some or all of that data are high, and getting higher.
Today’s cybersecurity is good, with most prevention solutions having a 99.9% or higher detection rate for common malware, but once penetrated, identification is usually a case of too little, too late. The mean time to identify (MTTI) a data breach was 201 days, and the mean time to contain (MTTC) was 70 days. In up to 70% of cases, data breaches were detected by third parties.
We were surprised by a recent research report that found enterprises are moving more quickly to managed security service providers (57 percent to provide 24×7 IT systems monitoring, 45 percent for threat detection and intelligence, and 41 percent for technology assessment and analysis). The results were surprising because SMBs are facing even more threats than enterprises, and they have fewer resources – tools, skills, and personnel.
While overall IT budgets are experiencing minimal growth – a compound annual growth rate of 0.9 percent in 2016 (to $3.4 trillion) – the sky is the limit when it comes to cloud: Cloud infrastructure spending will increase 16.2 percent in 2016 to $37.4 billion, with a 5-year CAGR of 13.6 percent to $60.8 billion in 2020. That’s just the hardware; public cloud services are expected to reach $208 billion in 2016, up from $178 billion in 2015. Gartner attributes the growth to the fact that organizations are saving 14 percent of their budgets as an outcome of public cloud adoption.
History teaches us that everything changes, and that’s particularly true when it comes to cybersecurity where a vulnerability, accidental or malicious, can put a business at risk anytime, anywhere. While cybersecurity must address the core functions — Identify, Protect, Detect, Respond and Recover — in a holistic manner, what are the processes, practices, hardware and software that when combined and integrated together can provide effective cybersecurity? The following is not a definitive list, but it does cover the basics required to better secure your information assets.
One of the realities of today’s cybersecurity threatscape is not if you will be breached, but when, and how often. As good as cybersecurity is becoming – i.e. prevention solutions provide a 99.9 percent or higher detection rate for common malware – effective cybersecurity depends upon three pillars – prevention, detection and resolution – with the latter two required to address those situations where prevention isn’t enough.
While small and medium businesses don’t appear to be as concerned about their cybersecurity vulnerabilities as they should be – i.e. SMBs are the principal targets of cybercrime and as many as 60 percent of hacked SMBs go out of business after six months – the reality is that the growing and rapidly changing threatscape and limited resources are driving them to outside help to protect their businesses. That protection can include assessments, remote monitoring and management, and backup and disaster recovery, but one way to stand out from the competition is to focus on their risk tolerances and customize your offerings to their individual risk appetites.
Whether internal or external, accidental or malicious, the cybersecurity threatscape is huge and growing, but successfully protecting your information, and your business, is not as difficult as you might think.
In the first of a three-part series, I’ll address how a framework consisting of these three pillars provides the basics for effective cybersecurity.
In the movie Ghostbusters, the imaginary threats ranged from Psychomagnotheric Slime to the Stay Puft Marshmallow Man and Gozer the Gozerian, armed with slime and a bagful of Hollywood special effects. In the real world, small and medium businesses face a growing range of internal and external cybersecurity (CybSec) threats that are just as scary, while at the same time they are handicapped by a shortage of skills and resources. With most SMBs (55 percent) the victim of a cyberattack within the last 12 months, and 60 percent going out of business within six months, it makes partnering with a CybSec specialist (AKA CyberThreatBusters) a necessity.