69% of SMBs report their organizations face critical and expanding cybersecurity threats, making 24/7 coverage essential to mitigating cyberattacks
“SMBs face the same threat landscape as larger companies, but with fewer people and more limited budgets and security expertise. Countering these threats requires an external partner to help”
Cybercriminals and threat actors work around the clock, with attacks originating from around the world. Therefore, all businesses, including SMBs, need to be always on alert for new threats and available to respond at any moment to an incident. The study, Attackers Don’t Sleep, But Your Employees Need To, explores where SMBs are in their security operations maturity journey. Of those with an internal SOC, 64% have 10 or fewer employees (and almost a third have 5 or fewer). Those operating a purely internal SOC and attempting to operate 24/7 run the risk of exhausting their employees.
ITechnology Cloud News: Huawei Facilitates Operator Cloud Transformation to Unleash the Value of Connectivity
The right partners are crucial to security operations
Despite critical and expanding cybersecurity threats, SMBs struggle to fill internal security technology and staffing gaps, leaving them with serious resource constraints throughout the threat management lifecycle. The study found that the best way for SMBs to seal internal security gaps is through reliance on external partners, especially those that can truly act as extensions of their own teams. SMBs are looking to engage with outside partners that can offer close collaboration during incidents (52%) and to fill internal skill gaps (47%). Additionally, the ability of external partners to help round out SMB cybersecurity capabilities not only mitigates risk to the business, but also helps satisfy cyber insurance requirements, according to 42% of respondents.
“SMBs face the same threat landscape as larger companies, but with fewer people and more limited budgets and security expertise. Countering these threats requires an external partner to help,” said Doug Howard, CEO of Pondurance. “What’s impressive about the study’s findings is that SMBs appear to have a firm grasp on the benefits of engaging external partners to help them mature their security operations practices to mitigate risk. But it takes the right kind of partner to ensure that SMBs realize these benefits. Pondurance has developed its security and advisory services with a deep understanding of the needs of smaller organizations for both best-in-class security technology and the people-expertise to provide 24/7 cybersecurity coverage. It’s literally our mission to ensure that every organization can detect and respond to cyberthreats, regardless of size, industry or current in-house capabilities.”
The study found that most SMBs lack the internal tools and headcount to continuously monitor and respond to threats. Sixty-seven percent of SMB respondents report that engaging external security operations partners is crucial to maturing their security operations practices. By engaging the right security operations partners, respondents expect to see increased customer trust (49%), reduced risk (47%), increased revenue (45%), improved efficiencies (44%) and increased employee engagement (44%).
ITechnology Cloud News: Sumo Logic Delivers 3-Step Onboarding for Kubernetes Observability
SMBs benefit greatly from managed and consulting services
While very few respondents in this study report struggling with a lack of executive leadership when it comes to cybersecurity issues, respondents report lacking the right tools (36%), bandwidth to work proactively (31%), cyber skills (42%) and employee awareness (41%) to deal with growing cyber threats.
In response, the study found that SMBs are turning to external partners to elevate their detection and response capabilities. The top tools and services SMBs plan to implement in the next 12 months are Managed Detection and Response (MDR) at 38%, Extended Detection and Response (XDR) at 47%, and Digital Forensics and Incident Response (DFIR) at 48%.
SMBs are also not looking for technology alone to address their needs. When asked about their cybersecurity operations budget allocation, respondents report spending 40% on technology/platforms and 60% on managed and consulting services. The combination of technology and service is important, with technology streamlining the work of existing employees and support services helping to expand team bandwidth and expertise.
ITechnology Cloud News: Dgraph Secures $6 Million in Seed Round with New Leadership
[To share your insights with us, please write to sghosh@martechseries.com]