The cybersecurity landscape has changed — what was once considered “just a large company” problem now affects companies of all sizes. While many small business owners continue to operate under the belief that security breaches only impact large businesses — likely a result of the intense media focus on massive security breaches like Equifax, Apple, and Target — this could not be further from the truth.
Attacks on small- and medium-sized businesses (SMBs) are on the rise, and the associated costs can be detrimental to their business. In fact, according to a study conducted by the Ponemon Institute, the average cost of damage to or theft of IT assets and infrastructure increased from $879,582 to $1,027,053. Meanwhile, the average cost of the disruption to normal operations increased from $955,429 to $1,207,965.
In response, SMBs worldwide are projected to grow their spending on remote managed security to an estimated $21.2 billion by 2021, making it the highest growth area in the managed services market.
Security: A critical piece of your managed services offering
Today, security should be a central focus of every managed service provider’s (MSP) offering. Protection for endpoints, firewalls, and email, once standard with most MSP offerings, is no longer enough to protect against the top cybersecurity threats.
With cybercriminals becoming more sophisticated and targeting SMBs, tactics like ransomware, data breaches, and phishing attacks can overwhelm these traditional solutions that used to suffice. To protect your customers from security events that could cause downtime, work stoppage, or worse, you need to safeguard your customers’ solutions to mitigate as much risk as possible. Remember, cyber issues affect more than you and your customer. Your customer’s customers and their suppliers will also be impacted.
When someone breaches your customer’s systems, they could access all critical systems and data. If this happens in a regulated industry like healthcare, financial, industrial, or government, the impact could easily go beyond financial losses due to work stoppage. For example, if confidential patient data is exposed — a breach of HIPAA requirements — the event could trigger investigations, digital forensics, and litigation.
If a customer is breached, the MSP will be questioned and required to participate in any investigations. If the customer has cyber insurance, the insurance company will do its own investigation before paying out against the claim. On average, the cost of a data breach is $148 per record. This cost, combined with downtime and work stoppage, would be devastating to most businesses, but especially to a small business.
Strengthening security postures
As you think about how to strengthen your customer’s security posture, it’s important to realize that this is not something you can fix by throwing a bunch of tools at it. Instead, you should begin with people and processes. As estimated in the same Ponemon research study, 54 percent of data breaches are the result of employee or contractor negligence. This correlates with nearly half of the attacks being executed through phishing and social engineering.
Conducting security awareness training is a relatively easy way to expand your services while reducing your customer’s risk.
An even more effective tactic is performing a cybersecurity risk assessment for your customer. This will help to identify gaps in your customer’s critical security controls and determine actions to overcome any vulnerabilities. Most importantly, it will give you the opportunity to have a conversation about the risks, who owns them, and what needs to be done to address them.
Having honest conversations with your customers about risks and vulnerabilities will help you protect their business as well as your own. Regardless of the services that you offer, your customers will hold you responsible for keeping them secure and protecting their data.