SMB Cybersecurity - 2020 Trends and Findings

Large enterprises have access to many annual surveys, trends, and guidance on protecting their organizations from cyber threats.  These insights are great for the Fortune 500 crowd, but what about everyone else?

Recently, SilverSky surveyed our customers, and we’re sharing some of our findings to serve as both a sounding board and a guidepost for non-G2000 organizations.  As we work exclusively with small- and medium-sized organizations (SMB), SilverSky has a different perspective of the market than you’ll get from most other sources.  In other words, if you work in a credit union, a healthcare office, or a specialty retailer and you are concerned with compliance, ransomware attacks, or simply managing your networks and productivity applications, then this article is for you!

Of our more than 120 respondents, roughly 60 percent represent IT functions and approximately 40 percent perform business functions. In line with SilverSky’s current customer base, the financial services sector is the largest industry represented. However, all other key verticals participated, including healthcare, manufacturing, and retail. We also had the opportunity to sit down with a smaller group of customers to gather additional context that cannot be thoroughly gleaned from a written survey.

So what did we find?  Rather than go through every detail, we’ll hit a few key trends and observations.

SMB Cybersecurity Trends 2020

SMB Cybersecurity Trends Finding #1: Treading water in the yin-yang of cyber. While there are many benefits that businesses and consumers derive from government and industry regulations, the effort required to comply is becoming an increasing burden, particularly for smaller organizations as they face accelerated change in this arena. Some of the luxuries enjoyed by large enterprises, like a dedicated Chief Compliance Officer or a standing incident response team, are simply another hat that security and compliance professionals in smaller organizations must wear. While this may sound benign, it presents a real risk—more time spent on compliance means less to spend on proactive security. SilverSky’s financial services clients value our FFIEC accreditation for this reason, just as healthcare organizations value our ability to help them achieve compliance with HIPAA and other regulations. Small organizations cannot cost-justify hiring full-time specialists to support their security and compliance efforts, so having the right partner is critical to their success.

SMB Cybersecurity Trends Finding #2: Minding the gap. Security and compliance professionals credited their leadership teams for understanding, supporting, and resourcing their cybersecurity efforts—only 3 percent of our survey respondents didn’t share this view. But when asked about exposures and having the skills and resources, the picture is quite different. Almost a quarter—23 percent—acknowledged their businesses lacked compliance understanding and had exposures, and 17 percent indicated their organizations lacked the skills and resources needed for compliance and to maintain their security plans. Customer discussions confirmed the obvious here. First, non-enterprise organizations are either too small to justify staffing dedicated security expertise or struggle even more than large ones to hire and retain security and compliance talent. Second, with a skill and capacity gap, time spent on compliance efforts often comes at the expense of security. Bad guys are well aware that smaller prey may be much easier to breach, and they aren’t bashful about opportunistically targeting their victims. We all know a small business owner who’s been hit with a ransomware attack, and more public breaches, such as the recent attack on the City of New Orleans, are becoming so commonplace that they are no longer front-page news.

SMB Cybersecurity Trends Finding #3:  Stayin’ alive.  Email still has its groove, both as a primary communication medium in the workplace and as the primary threat vector for outside attacks.  Two-thirds of those surveyed indicated email vulnerabilities were the main concern that keeps them up at night. To help them sleep at night, 87 percent currently use email protection technology to combat this threat.  While the ‘looseness’ of the email protocol makes it an easy target for even unsophisticated hackers, as organizations transition to cloud-based office productivity tools like Google’s G Suite and Microsoft’s Office 365, there are additional worries.  Apps aimed to make it easy for teammates to share and collaborate—think Microsoft OneDrive and Teams—are also relatively easy for bad actors to use for nefarious purposes.  In many cases the move to cloud-based productivity applications is inevitable, but you don’t have to do so in an exposed or risky manner.  Smart, risk-aware organizations are considering security as a primary need in their transition to cloud-based productivity.

SMB Cybersecurity Trends Finding #4: Desire single provider. Given the complexity of cybersecurity and regulatory compliance, large enterprises often address specific threats with ‘best of breed’ technology, and either have a large internal staff or ongoing relationships with system integrators to tie everything together. Our survey respondents had a simpler need—a single provider for all of their primary security and compliance support needs. There are a few reasons for this, and in general, they are pretty obvious. First, providing threat protection against multiple vectors requires coordination across different devices and systems. Having a single partner like SilverSky, instead of dealing with numerous specialists, means that the partner, and not the company’s staff, provides most of the coordination along with monitoring, detection, and so on. Second, it’s more cost-effective from procurement and ongoing vendor management perspectives to have fewer partners addressing these critical services. Lastly, it’s trust. A partner who is in it for the long term can complement what’s often a short-handed in-house cyber team. They can help your organization continuously improve as the threat landscape evolves and yield a much more attractive risk-reward profile than a more transactional approach to partnering.

In closing, while SMBs can learn from the guidance and trends tailored to large enterprises, they have to be pragmatic and filter what does and doesn’t apply to them.  Small businesses are scrappy by nature and have a different cost-risk-compliance equation than their enterprise peers.  Our customers, and organizations like them, need high-quality support, sophisticated technology, and expert compliance guidance to help them stay ahead of the curve.

 

Could your security team use expert help?  Are you concerned about compliance audits, ransomware attacks, or other cyber threats? Contact SilverSky to learn about our managed security services offerings.

 
