The SMB market in Europe, and more specifically in Malta, has always been the dominant market, with very large numbers of businesses. Governments continue to support this market through various incentives, specifically to digitise and adopt cloud strategies. We saw such incentives pushed during the COVID-19 pandemic for SMBs to enable hybrid/remote work and increase contactless business. These incentives help businesses enhance their operations, grow and even enter the market more easily. BUT there is darkness looming over this market… The DARK SIDE of technology has spread, evolved, and widened its threat landscape. The number of attacks on SMBs doubled in a 12-month period.
So, what makes SMBs a target?
The cost of DIY security is HIGH, high enough to eat a big chunk out of any SMB's budget. While vendors are creating more affordable security products and services targeting SMBs, there is still the need for skilled resources to govern such security products. Security cost has a cascading effect and is one of the biggest factors why SMBs score very low on their security posture and why they lack general security awareness.
The risk attitude for faster growth. SMBs have one objective in mind: to grow, and grow fast! This is due to the size of the market and the need to stand out from the competition. More often than not they are so blinded by this goal that they shrug off security completely. Therefore, SMBs are more likely to risk a security incident to save costs or invest in other parts of the business.
Low security awareness. Not all businesses are IT focused, and while general security awareness is a must in today’s digital age, we continue to see statistics grow in the wrong direction. Microsoft security signals registered 50 million password attacks daily. The Microsoft Digital Defense Report indicated that most of the users on their cloud services are using weak authentication methods, as only 20% of Microsoft users and 30% of global admins are using strong authentication such as MFA. US giant Verizon reported that, for small and medium businesses, 93% of breaches come through compromised credentials.
No or low IT-security staff. But what can lead to such low security awareness? Unlike bigger enterprises, SMBs do not have the luxury of building security teams to guide and govern security for the enterprise because, as already established, security costs are high. Some may not even have an IT-skilled person, only a designated employee with IT knowledge.
SMBs target larger enterprises as customers and partners for growth. And vice versa, larger enterprises target SMB providers for more cost-effective and focused services. This allows attackers to target SMBs to try to gain access to larger enterprises. Hence we have been seeing an upward trend of larger enterprises enforcing tougher due diligence or cybersecurity assessments on their suppliers. Market regulators could be another reason why larger enterprises are enforcing tougher security requirements on their suppliers.
With such enforcement we are now seeing the real picture: SMBs barely have any cybersecurity foundation or recovery plans in the eventuality of a security breach. A security breach is NOT a matter of IF, it’s a matter of WHEN. Surveys show that 55% of SMBs are willing to pay the ransom, which can only mean that they do not have adequate security to prevent or recover from a breach.
An 82% increase in ransomware attacks was registered in 2021, nearly doubling the quantity since 2020. Most ransomware attacks are carried out for none other than a financial motive. In a local survey across multiple industries conducted by BMIT with IDC, we observed that 59% of SMBs have suffered at least 1 ransomware attack.
The ransomware debate, whether to pay or not to pay the ransom, is forever hanging over the heads of the victims. A lot of businesses put themselves in this situation by not having adequate security or recovery plans.
Ransomware attacks/groups encrypt or double-encrypt the business data. Research has shown that, on average, businesses that paid the ransom only got back 65% of their data. This is due to a widely known fact that decryptors are buggy and regularly fail to decrypt the largest, most critical data files.
Why SMBs should seek MSSPs for their Cybersecurity journey
Certified security engineers are very hard to come by, which is why a single resource can put a big dent in your security budget or your budget in general. MSSPs are equipped with skilled, certified resources that can service and focus on multiple organisations. The cost of MSSP support is a fraction of the pay requested by a single resource. An MSSP will also eliminate the hassle of searching for, skilling and maintaining that resource. MSSPs can also provide advisory services and cost management to tailor a cost-effective security solution and ensure you are not overpaying.
Dedicated & Efficient
Businesses should focus and dedicate their time to their products and services. Most businesses try to rely on existing resources, such as an office IT administrator, to be an expert in security. Security expertise requires dedication, which is why MSSPs can be more efficient at delivering a strategic security roadmap tailored to your business needs.
Monitoring your infrastructure and security round the clock “24/7” comes at a hefty price, as you are required to build an operations centre or outsource it. Monitoring and alerting are essential in security to react to, prevent and recover from security incidents in a timely manner. MSSPs offer 24x7 monitoring and support with proactive alerting and services to avoid security incidents before they happen. An MSSP can even act on your behalf to stop or recover from a breach.
Many times, businesses attempt DIY security utilising in-house hardware and resources to avoid MSSP services and costs. This lasts until the business realises the resources and expertise required to procure, implement, and support the relevant technologies, and how vast security is across various technologies. Security goes beyond the endpoint; it is required across the entire enterprise network and infrastructure. Hardware or perpetual software has a lifetime of roughly 4 to 5 years before it becomes inefficient and most likely unsupported, and is therefore deemed a security risk. MSSPs evolve with technology and always keep their infrastructure, software and resources relevant to current market needs.
Most markets are regulated or quasi-regulated, and GDPR cuts across all European businesses. Compliance needs are ever changing, and your business must be compliant to avoid fines or lawsuits. Even if you are not regulated, you will come across a partner or customer that requires you to meet specific standards. Most MSSPs comply with the majority of the required standards or compliance needs, or can guide your business to implement the necessary processes, security policies and solutions. Taking on an MSSP can simply mean ticking a box when it comes to compliance.
SMBs are the most targeted businesses, and there is no silver bullet when it comes to security incidents. A business will experience a breach; it’s only a matter of when, how prepared it is and how efficiently it can recover from the event. Cybersecurity has become a necessity in today’s business, and an MSSP such as BMIT Technologies is more than an IT partner; it is also a technology advisor that can provide a strategic roadmap to enhance your business security posture. In conclusion, BMIT is a cost-effective choice for any small or medium business (SMB) to start their security journey. Reach out to start your journey.
Most Common Threats
- Vulnerability exploits
- Phishing / social engineering
- Unauthorised access
- Internal attack (Conscious and non-conscious)
Various reports indicate that social engineering is growing, as almost 70% of data breaches are through phishing attacks, while malware-related attacks are decreasing: one of the leading global vendors in endpoint security found that 62% of the attacks it detected in Q4 2021 were malware-free.
How can BMIT Technologies help?
Every client we work with requires different solutions. So, we tackle each need with our expertise in technology, business strategy and innovation.
We propose and develop intelligent, secure infrastructure solutions, help build your internal capabilities and identify opportunities to enhance your business potential through the application of innovative technologies. This ensures a greater level of business management and progression.
Want to learn more about Why MSSPs are fuelling SMBs to reach their destination? Contact us and one of our experts will reach out and guide you accordingly.