Cybersecurity: How Small and Medium Sized Businesses Can Survive
- 12 January, 2015 11:57
Cybersecurity chiefs aren’t the only ones worrying about hackers these days. Anyone who uses a credit card or stores family photos in the cloud has nagging concerns about data security. Small business owners are worried, too.
The costly fallout from recent high profile data breaches has prompted business owners of all stripes to make data and infrastructure security a higher priority. Small and medium size businesses are under particularly intense pressure to get effective security measures in place, but often lack the internal know-how and financial resources to implement them effectively.
Small and Medium Size Businesses Too Big to Ignore
Small and medium size businesses are a driving force in today’s global economy as they account for a major portion of gross domestic product (GDP) in many countries. In the U.S., according to Deloitte, the midmarket accounts for more than 40 percent of GDP. Technology companies have taken note; more major service and software providers are tailoring their offerings to smaller organisations.
As the frequency and sophistication of cybercrime attacks intensifies, it has become clear that small and medium size business vulnerability is shared by larger enterprises which depend on these businesses as part of their supply chain or vendor ecosystem. Government and industry security requirements have begun to impact smaller businesses; they must prove they are taking steps to secure data, transactions, and infrastructure—or risk losing partners and clients.
Clearly, cost-effective access to complete cybersecurity solutions is essential—not only to individual companies, but to the health of the overall economy and the security of everyone’s data. Small and medium size businesses tend not to have the budget, resources or skills to tackle the increasingly complex security challenge on their own, and are increasingly turning to Managed Service Providers (MSPs) to protect their data, network, employees, and customers from cybercrime.
Cloud-Based Security Services
Multi-tenant, cloud-based security platforms are emerging as the simplest and most cost-effective way to deliver managed security services that protect data and devices. A new PwC report highlights the seriousness of the challenges faced by SMBs as they struggle to catch up to new security requirements and protect their business and customers from potentially disastrous breaches. PwC’s recommendations include procuring cybersecurity insurance and outsourcing security tasks to managed services. The report points out that as large companies tighten their security measures and become harder to breach, cybercriminals turn to smaller organisations as easier targets, using them as gateways in to their larger partners.
In a recent survey, security chiefs reported that, the network perimeter is becoming harder to control as it becomes stretched due to increased use of cloud-based technologies and services. Combined with general pressure to ramp up security measures, this greater focus on security in the cloud means IT spending will shift to blended and integrated solutions offered by managed service providers.
Best in class cloud solutions do not require investments in hardware, are readily scalable, and offer “single pane of glass” consoles to simplify deployment and management. Multi-layered solutions enhance threat intelligence across multiple vectors (mobile, web, email and endpoint), broadening detection capabilities and eliminating the gaps and complexity that result from multiple disconnected solutions. Traditional perimeter solutions don’t account for the increasing permeability of the network and can quickly become ineffective if internal IT resources are in short supply.
Global Security for Global Businesses
Given the increasingly global and mobile nature of today’s businesses, MSPs must deploy security solutions that extend to remote locations and cover roaming and mobile users. Even for customers that are physically located in a distinct geographic region, components of their business—distribution networks, partners, supply chains—inevitably will extend beyond the traditional network perimeter. The introduction of Bring Your Own Device (BYOD) programs and the relatively uncontrolled proliferation of mobile devices and operating systems brought into the workplace further complicate this picture.
The traditional network perimeter, protected by a firewall and gateway, has thus been replaced with an interconnected set of systems and “common-use” networks, making it increasingly difficult to identify the edge of the network, and harder to defend as a result.
Small and Medium Size Businesses Need Help Managing Complexity
Most small and medium size businesses simply do not have the financial or staffing resources to effectively deploy their own cybersecurity systems in this increasingly complex environment. MSPs providing security solutions and guidance to their clients should carefully consider how to provide protection beyond the corporate firewall. Many organisations do not have a sizable IT team; they need a solution that is simple to set up, run, and monitor with automated controls, threat identification and response.
An end-to-end solution from a single vendor that includes web, endpoint and email security substantially simplifies monitoring and compliance reporting. A complete solution should also include the ability to enforce content policies, limit web site and application use, manage user access privileges, protect and monitor mobile users, and ensure inbound and outbound data compliance, using a single set of integrated security policies.
Businesses relying on MSPs require a global network of secured Internet access points if they have traveling employees, distributed supply chains, or remotely located offices. Multi-layered, cloud-based security solutions are a powerful and relatively new option for the midmarket and small and medium size businesses. As they play catch-up in the cybersecurity game, they will turn to comprehensive, flexible, and easily managed solutions to sustainably protect their critical assets around the world.
About the Author
Paul Lipman is the Chief Executive Officer of iSheriff. He brings to the role more than two decades of executive and operational leadership experience at software, services and ecommerce companies.
This article is brought to you by Enex TestLab, content directors for CSO Australia.
Upcoming IT Security Events
Feb 3rd, Feb 4th, Feb 6th 2015
Join @NirZuk #PaloAltoNetworks for Breakfast (lunch in Auckland) on keeping your enterprise safe from risk. Cyber attacks continue to increase in volume and sophistication leaving traditional security practices completely ineffective.
March 3rd, March 5th, March 9th 2015
Join CSO for the day@#csoperspectives and hear from @kimzetter @frankheidt
3 International Keynote speakers, 36 Key IT Security Industry Speaker, 21 Exhibitors, Security Analysts and many more.. Register today
Dont miss one of the biggest IT Security events in ANZ (registration is free, but seats are limited)