Are most organizations still tone-deaf when it comes to data and network protection? Despite practically constant news coverage of IT breaches and ransomware attacks, relatively few small businesses, non-profits or even government agencies seem as concerned with the threat as they should be.
Are they reading the national news reports, which frequently highlight just the Fortune 500 companies and large institutions that have been affected by these attacks? Few of those stories cover the small business community or organizations not located in high-profile metropolitan areas. Many might think that rural SMB organizations are immune to cybercrime.
Despite the misperceptions perpetuated by media, ransomware does not discriminate based on size or location. Sure, they may try to target those with deeper pockets, but enterprise companies are often better prepared for these battles. Most of these organizations fall under corporate compliance mandates and their security risks become a matter of public record, so their management teams have no choice but to increase their protection. The reality is that enterprise leaders have come to understand the business-critical nature of these protections today.
Unfortunately, many small businesses haven't come to the same realization yet. The owner of a small manufacturing plant in rural Pennsylvania may not have much in common with Merck Pharmaceuticals or Melendez (the conglomerate that owns Nabisco and Cadbury), both recent victims of a massive ransomware attack. After all, why would an international cybercriminal target their modestly profitable business when those other companies have billions in the bank?
What some fail to realize is that the SMB is becoming the low hanging fruit. Not only are their defenses more susceptible due to fewer investments, but the success of past ransomware attacks is bringing out a multitude of new players and opportunities. The threat is growing, and cybercriminals have the channel's prime audience in their crosshairs.
Consider this:
- While WannaCry and Petya caused less damage than initially projected, cyber criminals appear to be improving their methods based on previous failures. Some insurers expect a multi-billion-dollar event to take place in the coming months and a significant number of small businesses will likely be affected.
- As cloud adoption increases, advanced security needs rise. In CompTIA's recent report, The Evolution of Security Skills, 71% of the businesses identified cloud implementations as a higher priority over the past two years. How many of your SMB prospects are properly securing their infrastructure and backing up their data, and continually monitoring for potential threats?
- Many enterprise organizations implemented end user training programs over the past decade, with mid-size and small businesses lagging in that area. With many breaches and ransomware attacks directly attributed to end user error, companies can no longer afford to ignore the value of continually updates IT security training.
Switch to Offense
The IT industry is making great strides when it comes to cyber security. Over the past couple years, many have even started adopting a hot new term: MSSP (Managed Security Services Provider). Though rarely, if ever, used with customers and prospects — who tend to get a "deer in the headlights" look whenever the discussion turns technical — IT firms have started using it internally to describe their advanced protection offerings.
With the rise in hacking and ransomware attacks, every MSP should consider what adding that extra "s" means, even if not in the literal sense. Like any managed service, the focus is on being proactive, adding tools and protection measures that help providers identify and rectify potential issues before they negatively affect their clients' systems and productivity.
The definitions for an MSSP tend to vary, with some limiting the designation to ISPs and others focused on the tools they use, including security monitoring and management systems. The increasingly more accepted description begins with those technical competencies and layers in compliance, assessment and training capabilities.
Some MSSPs also highlight their security policy development and end user training skills — a growing opportunity in certain vertical markets. Those comprehensive offerings are what the SMB needs in 2017.
The implications for providers, if done well, is greater client retention, enhanced marketability, and, of course, bigger profit potential.
Are you willing and able to become that trusted security expert? The experienced professional who can keep businesses off cybercriminals' ransomware hit list?
If not (or not sure), get involved with the CompTIA IT Security Community. You'll have an opportunity to interact with top professionals in the field and gain access to a wealth of related best practices, tools, and practice-building programs.
Brian Sherman is president of Tech Success Communications, a channel-related content and social media development firm. He served previously as the chief editor at Business Solutions magazine and senior director of industry alliances with Autotask. Contact Brian at [email protected].