Cybersecurity: How Small and Medium Sized Businesses Can Survive

Cybersecurity chiefs aren’t the only ones worrying about hackers these days. Anyone who uses a credit card or stores family photos in the cloud has nagging concerns about data security. Small business owners are worried, too.

The costly fallout from recent high profile data breaches has prompted business owners of all stripes to make data and infrastructure security a higher priority. Small and medium size businesses are under particularly intense pressure to get effective security measures in place, but often lack the internal know-how and financial resources to implement them effectively.

Small and Medium Size Businesses Too Big to Ignore

Small and medium size businesses are a driving force in today’s global economy as they account for a major portion of gross domestic product (GDP) in many countries. In the U.S., according to Deloitte, the midmarket accounts for more than 40 percent of GDP. Technology companies have taken note; more major service and software providers are tailoring their offerings to smaller organisations.

As the frequency and sophistication of cybercrime attacks intensifies, it has become clear that small and medium size business vulnerability is shared by larger enterprises which depend on these businesses as part of their supply chain or vendor ecosystem. Government and industry security requirements have begun to impact smaller businesses; they must prove they are taking steps to secure data, transactions, and infrastructure—or risk losing partners and clients.

Clearly, cost-effective access to complete cybersecurity solutions is essential—not only to individual companies, but to the health of the overall economy and the security of everyone’s data. Small and medium size businesses tend not to have the budget, resources or skills to tackle the increasingly complex security challenge on their own, and are increasingly turning to Managed Service Providers (MSPs) to protect their data, network, employees, and customers from cybercrime.

Cloud-Based Security Services

Multi-tenant, cloud-based security platforms are emerging as the simplest and most cost-effective way to deliver managed security services that protect data and devices. A new PwC report highlights the seriousness of the challenges faced by SMBs as they struggle to catch up to new security requirements and protect their business and customers from potentially disastrous breaches. PwC’s recommendations include procuring cybersecurity insurance and outsourcing security tasks to managed services. The report points out that as large companies tighten their security measures and become harder to breach, cybercriminals turn to smaller organisations as easier targets, using them as gateways in to their larger partners.

In a recent survey, security chiefs reported that, the network perimeter is becoming harder to control as it becomes stretched due to increased use of cloud-based technologies and services. Combined with general pressure to ramp up security measures, this greater focus on security in the cloud means IT spending will shift to blended and integrated solutions offered by managed service providers.

Read more: Record-pace app sales reinforce urgency of authorities' mobile app privacy push

Best in class cloud solutions do not require investments in hardware, are readily scalable, and offer “single pane of glass” consoles to simplify deployment and management. Multi-layered solutions enhance threat intelligence across multiple vectors (mobile, web, email and endpoint), broadening detection capabilities and eliminating the gaps and complexity that result from multiple disconnected solutions. Traditional perimeter solutions don’t account for the increasing permeability of the network and can quickly become ineffective if internal IT resources are in short supply.

Global Security for Global Businesses

Given the increasingly global and mobile nature of today’s businesses, MSPs must deploy security solutions that extend to remote locations and cover roaming and mobile users. Even for customers that are physically located in a distinct geographic region, components of their business—distribution networks, partners, supply chains—inevitably will extend beyond the traditional network perimeter. The introduction of Bring Your Own Device (BYOD) programs and the relatively uncontrolled proliferation of mobile devices and operating systems brought into the workplace further complicate this picture.

The traditional network perimeter, protected by a firewall and gateway, has thus been replaced with an interconnected set of systems and “common-use” networks, making it increasingly difficult to identify the edge of the network, and harder to defend as a result.

Small and Medium Size Businesses Need Help Managing Complexity

Most small and medium size businesses simply do not have the financial or staffing resources to effectively deploy their own cybersecurity systems in this increasingly complex environment. MSPs providing security solutions and guidance to their clients should carefully consider how to provide protection beyond the corporate firewall. Many organisations do not have a sizable IT team; they need a solution that is simple to set up, run, and monitor with automated controls, threat identification and response.

An end-to-end solution from a single vendor that includes web, endpoint and email security substantially simplifies monitoring and compliance reporting. A complete solution should also include the ability to enforce content policies, limit web site and application use, manage user access privileges, protect and monitor mobile users, and ensure inbound and outbound data compliance, using a single set of integrated security policies. 

Businesses relying on MSPs require a global network of secured Internet access points if they have traveling employees, distributed supply chains, or remotely located offices. Multi-layered, cloud-based security solutions are a powerful and relatively new option for the midmarket and small and medium size businesses. As they play catch-up in the cybersecurity game, they will turn to comprehensive, flexible, and easily managed solutions to sustainably protect their critical assets around the world.

Read more: Risks in Retail: New POS Vulnerabilities and Malware

About the Author

Paul Lipman is the Chief Executive Officer of iSheriff. He brings to the role more than two decades of executive and operational leadership experience at software, services and ecommerce companies.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Upcoming IT Security Events

Feb 3rd, Feb 4th, Feb 6th 2015

Join @NirZuk #PaloAltoNetworks for Breakfast (lunch in Auckland) on keeping your enterprise safe from risk. Cyber attacks continue to increase in volume and sophistication leaving traditional security practices completely ineffective. 

Register Today Seats are limited

March 3rd, March 5th, March 9th 2015

Join CSO for the day@#csoperspectives and hear from @kimzetter @frankheidt

3 International Keynote speakers, 36 Key IT Security Industry Speaker, 21 Exhibitors, Security Analysts and many more.. Register today

Dont miss one of the biggest IT Security events in ANZ (registration is free, but seats are limited)

Join the CSO newsletter!

Error: Please check your email address.

Tags cybersecuritySecurity Servicesdata securityCloudattacksfirewallemail securityCSO AustraliacybercrimeEnex TestLab

More about CSODeloitteEnex TestLabIT SecurityLipmanTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Paul Lipman

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts