Cybersecurity for Small Businesses: Why Managed Security Service Providers are the Solution
By Anusuya Datta Cybersecurity is critical for small and medium businesses since they are usually easy prey as they have access to money and data, but often much lower defenses. If working with managed security service providers made sense for SMBs even before the pandemic, now it may be essential in the face of more sophisticated threats.
Cybercrime cost the world more than $1 trillion in 2020. That’s equivalent to one percent of the global GDP. Of this, an astonishing $945 billion was lost due to cybersecurity incidents, while the remaining was spent on security measures, according to technology firm Atlas VPN.
And if you think only governments and big corporations are the targets, then you are sadly mistaken. Even before the pandemic struck, small- and medium-sized businesses (SMBs) were highly vulnerable to cyberattacks. The 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses report underscored growing cybersecurity concerns, illustrated through the year-on-year trends dating back to 2016 — 76 percent of companies in the United States experienced some form of cyberattacks in 2019, up from 55 percent in 2016, while 69 percent reported an incident that resulted in the loss of sensitive information versus 50 percent in 2016. Globally, the numbers were 66 percent and 63 percent, respectively.
And here’s the clincher — according to the National Cyber Security Alliance in the United States, 60 percent of SMB go out of business within six months of a cyberattack.
The point is cybersecurity is critical for SMBs. They are usually easy prey for cybercriminals as they have access to money and data, but often much lower defenses.
“Cybersecurity is all about tools and solutions to limit the risk as much as you can because there are many ways hackers can infiltrate into an environment through our employees and through our own technology,” says Alex Ryals, vice-president of security solutions at Tech Data.
Tune into Conquer Local podcast: Cybersecurity Bootcamp with Alex Ryals
However, if you are a really small business operating on a shoe-string IT budget, or have recently jumped onto the ecommerce platform, or a local agency powering your local community, you probably are not likely to have in-house resources to fend off such attacks. You may not even be aware of the kind of threats that exist, or don’t have the bandwidth to deal with them.
Fear not, you can enlist a specialized managed security service provider.
What is a managed security service provider?
A managed security service provider (MSSP) — or managed cybersecurity service provider (MCSP) as they are also called — provides cybersecurity as a service and helps companies deal with the protection of their computer systems as well as issues like intrusion detection and prevention, firewalls, incident management, managed vulnerability and identity and access solutions. All round the clock.
Managed security service was already a fast-growing market led by the likes of IBM, Accenture, Capgemini et al, and big businesses have traditionally turned to MSSPs for addressing the daily pressures they face regarding targeted malware, data theft in the face of skills and resource constraints.
In a post-pandemic world, the rise in cloud-based activities have kept MSSPs busy. Ecommerce has seen a boom as businesses of all shapes and sizes jumped onto the bandwagon to stay competitive. Further, even in the case of physical stores, the need for physical distancing comes with its own set of challenges. Grocery stores, convenience stores, pharmacies and restaurants offering curbside pickup or delivery services are switching to digital solutions to streamline their logistics and backend.
As businesses spend more time online, they are targets for cybercriminals. Throughout 2020, COVID-19 themed phishing attacks were common, as hastily created remote working environments and first-time digital businesses created new security risks.
If working with an MSSP made sense for SMBs even before the pandemic, now it may be essential as the threats get more sophisticated.
Why do you need a managed security service provider?
“Everybody’s vulnerable, now more than ever. Every company that is online, no matter the size, complexity, geography or business, faces certain risks that they need to mitigate,” Ryals says.
Even in normal business environments, employees were often the weak link when it came to cybersecurity. But now, with the majority working from home, the risks become manifold. Is that employee using a personal laptop? Is that laptop secure? Does it have a virtual private network (VPN) client? Is it being accessed from a public Wi-Fi? Such a laptop could be easily infiltrated by a hacker who installs malware on a laptop that connects to your corporate network.
Vendasta Marketplace: Sell marketing, productivity, and ecommerce solutions under your brand
“It’s really important because small businesses are realizing that they need websites, but they also must realize they need to secure the website because a lot of hacking comes through your own website when you don’t even know it,” Ryals says.
Ryals would know. An expert in big data analytics, mobility, security, converged infrastructure and the internet of things (IoT), in his current role at Tech Data, he guides a team that builds channel-enabled solutions for partners.
There’s a concept called distributed denial-of-service (DDoS) attack where hackers flood a target’s website with so much traffic that customers can’t even access it anymore. Companies need solutions to capture DDoS traffic so that customers can continue to access their websites. Problems like DDoS attacks, phishing or malware/ransomware invasions are an everyday affair for MCSPs, and they have the expertise to handle such issues that may not exist in-house. They also have the resources and bandwidth to be available 24x7 to fend off attacks, which an internal IT team may not be equipped to do, especially SMBs.
What to do when you are dealing with partner networks?
Organizations, no matter how small, need proper cybersecurity guidelines and protocols. They must also ensure employees are aware of how to work securely and remain vigilant while communicating with suppliers and customers. This becomes crucial for organizations that support partner/supplier websites, which is one of the most common ways hackers gain access to company networks.
“It is becoming increasingly important for small and medium businesses to not only train their own employees to understand the nuances of cybersecurity, but to also train their clients or partners on the necessity of being equipped with the right tools — whether that means adding cybersecurity solutions to their offerings or the physical hardware that needs to be installed,” says George Leith, chief customer officer at Vendasta.
Why are MSPs turning to managed security services?
The sudden rise in demand for managed security services has also seen many managed service providers (MSPs) looking to provide security services to customers. The concept of managed services offerings as a bouquet began about 20 years ago with MSPs who began installing and maintaining business software solutions such as email services, cloud platforms and a variety of business software. MSPs primarily focus on operations and deal with the maintenance of business systems remotely or in-house. But now, in the fast-changing landscape, they see a great opportunity to provide network monitoring and management as a service to SMBs, which might also include cybersecurity-as-a-service.
“It’s an enormous opportunity because when we digitally enable our clients, there are security components that can be bolted on to make sure that everything’s buttoned-up real nice and tight,” Leith says.
NextVen: A Vendasta + Tech Data partnership
It is this trend that prompted Vendasta to seek a partnership with Tech Data last year to launch the NexVen Channel Program. The program brings more security solutions to the Vendasta Marketplace and allows NexVen vendors to grow their market plus sell products and solutions in an innovative way.
A sharp rise in demand for ecommerce, combined with the need for remote work operations — all accelerated by the pandemic — prompted a demand for cybersecurity solutions within the Vendasta platform. “Either help those that have sold ecommerce websites by adding some basic security components or support remote work that’s being done with various cybersecurity tools. There’s a commercial opportunity in helping small businesses.” Leith says.
NexVen is the result of, what Leith calls, “convergence of channels where we see more and more managed service providers wanting to offer martech (marketing technology) solutions and more and more agencies, media companies. and telcos wanting to offer more managed services.” And because cybersecurity is delivered in the cloud, there was an opportunity to marry the two worlds together.
For Tech Data partners, the NexVen program opens up completely new markets in Vendasta’s diverse channel partner ecosystem. Additionally, Tech Data’s cybersecurity vendors may also choose to use the Vendasta platform to power their marketing automation, customer relationship management, business operations, and B2B ecommerce.
“Vendasta has built an amazing end-to-end platform designed specifically to take solutions to market in an ecommerce way, using automation with a lot of the right ingredients in place to help partners sell solutions to customers,” Ryals says. Adding cybersecurity solutions to this portfolio is an upselling opportunity for the Vendasta community and opens up new markets for Tech Data security vendors.
The road ahead
"Organizations are struggling to acquire the security expertise needed to assist in managing and monitoring the constant flow of security threats and to fully implement and integrate the growing number of tools that their security teams have acquired. As a result, they are turning to MSS providers to deliver security expertise, spanning managed security and complementary services to assist in preparing, detecting, and responding against future attacks,” says Martha Vazquez, senior research analyst, Infrastructure Services at IDC.
IDC’s report, Worldwide Managed Security Services 2020 Vendor Assessment, published in September 2020, reveals that the managed security services market has been steadily evolving as organizations strive to raise their security maturity and lower risk. In response, providers have shifted and expanded their offerings, technology, methods, and processes to assist organizations in defending and responding against modern attacks. This trend was accelerated in 2020 by the COVID-19 pandemic, which pushed organizations to review the security functions they had in place and deploy those that were needed to support the new remote workforce.
“These service providers are racing to offer in-depth advanced detection and response capabilities to compete in the ever-evolving cybersecurity market. Various providers are all partnering and developing their own proprietary technology to stay ahead of the curve,” Vazquez says.
Since the market has evolved, the role of a traditional MSS provider has matured and expanded. IDC acknowledges the expansion of MSS, termed MSS 3.0, which entailed managed detection and response. The challenge going forward will be in how these competitors continue to stay ahead of the curve and display continued differentiation within the security landscape.
Cybersecurity has come a long way from the days of Norton Antivirus and McAfee. The ongoing digitalization will create additional cybersecurity challenges. As SMBs globally become more digitally enabled, there is a genuine risk that a security incident related to unsecured IoT devices could be catastrophic. And as the use of biometrics become mainstream (already three-quarters of SMBs use biometrics to identify and authenticate or have plans to do so soon, according the 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses report), there is a definite need for small and medium businesses to be prepared. And they’ll likely need help.
