Closing the SMB security gap


Despite making up the vast majority of the economy, SMBs remain under-protected, according to security experts, unable to match the toolsets of larger organizations or compete for cyber skills.

On stage at TechSummit24 in Alpbach Austria, Brian Downey, VP of product management at Barracuda Networks, noted that under the EU’s definition, 50% of the region’s GDP is generated by SMBs.

The EU defines an SMB as a firm with under 250 employees and/or under €50 million (£42 million) in annual turnover, 99% of the companies in the region fit the criteria.

Klaus Gheri, VP of network security at Barracuda Networks, told ITPro he felt this definition was somewhat restrictive and covered what he considered the “low end” of mid-sized corporations.

He added that he didn’t feel staff count was a particularly helpful criterion, suggesting organizations that don’t have a CISO or a dedicated security team, for example, would be a better indicator of what constitutes an SMB.

Earlier this month, Stephen McPartland, author of the McPartland Review into Cyber Security and former national security minister, told ITPro he found 99% of all businesses in the UK could be classified as SMBs, and that, “many do not even have basic cyber hygiene.”

Downey cited stats from the World Economic Forum’s (WEF) Global Cybersecurity Outlook report which highlights the level of ‘cyber inequity’ between large and mid-sized corporations.

First among the indicators of this disparity is a glaring lack of digitalization in smaller companies, with only 40% of SMBs having bought cloud services in 2023, compared to 72% of large businesses.

Unable to afford the ‘best of breed’ security products used by their larger counterparts, the security tools smaller organizations have implemented are also less effective, according to the WEF.

The report found more than twice as many SMBs said they lack the cyber resilience to meet their critical operational requirements, compared to larger organizations.

SMBs are struggling to attract talent, MSPs could be the answer

To compound the disparity in cyber readiness, the WEF also found over three quarters of cyber attacks are focused on SMBs, with 2023 marking a 38% increase in attacks against midmarket organizations.

SMBs don’t have the skills to deal with this escalating attack surface either, according to the study, with only 49% of SMBs telling the WEF they believe they have the skills required to meet cyber security objectives. 

Moreover, only 21% of SMBs said they feel they can recruit skilled security staff, unable to compete with better-resourced, larger enterprises. 

Speaking to ITPro, Neal Bradbury, chief product officer at Barracuda Networks, said this is where channel, and specifically MSPs can step in to provide end users with the expertise they need, without having to compete in an increasingly tight cybersecurity labor market.

“Small businesses will never be able to hire or afford all the security expertise that they need, and so what you’re seeing is three out of four businesses that are partnering with somebody to do their security,” he explained.

“They’re also trained, they’ve got the specialized talent, and so outsourcing it is almost the better way to do it because you can actually have a better security posture by hiring a professional that knows how to do it. It puts the IT team and CIO more in the IT and the digital transformation for what keeps the business running.”

Bradbury added that added regulatory pressure will be a significant push factor forcing these businesses into making the investments to ensure they meet minimal security requirements, or risk facing hefty fines from authorities.

“A lot of compliance and regulation is driving these businesses, depending on what vertical they’re in, especially in the US and I know it might be even worse in Europe,” he noted.

“They have to have specific checkboxes that they satisfy, and so you have to meet it, you have no choice. So they’re going to have to partner with somebody, an IT professional that can help make sure that they can actually go and check those boxes.”


Source link
Exit mobile version