Many SMBs are operating under a false sense of security.

Edward Gately, Senior News Editor

February 24, 2020

10 Min Read
Cybersecurity Roundup, security roundup
Shutterstock

Despite constant headlines of breaches and warnings that cybercriminals aren’t strictly going after big targets, many SMBs still aren’t taking cybersecurity seriously enough.

New research commissioned and published by BullGuard revealed an alarming number of small businesses in the United States and United Kingdom are not prepared for a potential cyberattack or breach.

One-third of companies with 50 or fewer employees report using free, consumer-grade cybersecurity, and one in five companies uses no endpoint security. Additionally, 43% of SMB owners have no cybersecurity defense plan in place at all — leaving their most sensitive financial, customer and business data – and ultimately their companies – at significant risk.

The study also revealed some glaring discrepancies between what SMB owners believe versus what’s actually occurring in the market. Nearly 60% of SMB owners believe their business is unlikely to be targeted by cybercriminals; however, the results revealed that almost 19% of SMB owners have suffered from a cyberattack or data breach within the past year.

Once breached, one in four (25%) SMB owners said they had to spend $10,000 or more to resolve the attack, which could be potentially devastating for a small company. As for time lost, one-half of SMB owners said it took 24 hours or longer to recover from a breach or cyberattack, while one-quarter reported they lost business as a result, and almost two in five said they lost crucial data.

To find out more about why many SMBs are lax when it comes to cybersecurity, we spoke with Paul Lipman, BullGuard’s CEO.

Channel Futures: Why are so many SMBs still not taking cybersecurity seriously?

Lipman-Paul_BullGuard.jpg

BullGuard’s Paul Lipman

Paul Lipman: Many SMBs are operating under a false sense of security as larger companies attract most of the media attention when it comes to cybercrime and hacking. In reality, SMBs are enticing targets for hackers. Large corporations invest heavily in internet security systems, typically making it challenging for hackers to breach their networks. They also have the financial resources and workforce to monitor and address such threats compared to smaller organizations. Small businesses are not immune to cyberattacks and data breaches, and are often targeted specifically because they fail to prioritize security and have limited resources available.

Smaller companies may have less data to steal, but if successfully hacked, they can provide a tunnel into the networks of larger companies with which they work. And as phishing targets, they are much more vulnerable than their larger counterparts who have first-line defenses, sophisticated firewalls, intrusion detection systems and sandboxes that are all overseen by 24/7 monitoring.

CF: What are the dangers of relying on free consumer cybersecurity solutions?

PL: One of the last things SMBs think about is cybersecurity. By shortchanging cybersecurity, they are putting everything they’ve worked for at risk.

Additionally, for consumers, as much as free public Wi-Fi is appealing, it can also be risky and unsafe. Since it’s a free service, its use can be by anyone, including hackers, predators, spies and all sorts of cybercriminals. You never know who is sharing the public Wi-Fi connection with you and what their intentions are. There are a number of free and paid VPNs available. Though free VPNs can reduce the risks associated with public Wi-Fi, they do have security limitations. As such, it’s much better to invest in a paid VPN service to ensure maximum protection.

CF: What can MSSPs and other cybersecurity providers be doing to help these SMBs?

PL: Service providers deliver value in three key areas. First, in recommending …

… appropriate security services that align with the needs of their SMB customers — from firewalls, data backup infrastructure, endpoint security and network controls. Second, the service provider is able to deliver the critical monitoring services that an SMB will typically not have the staff or expertise to manage in-house. Third, prevention is only one half of the story. If a breach does occur, the service provider brings a wide array of capabilities, experience and tools to bear in rapidly identifying and remediating any threat before it can cause irreparable harm to the SMB’s business.

CF: How difficult would it be for these SMBs to establish a cybersecurity defense plan?

PL: The simple answer is that basic cybersecurity is actually quite straightforward. Establish an offsite backup plan, ensure that you are using commercial grade cybersecurity tools on all components of your network, keep these tools continually updated, and train your staff on cybersecurity awareness and behaviors. Although this seems easy to a technologist or cyberprofessional, the typical SMB owner is neither — which is why it is critical for SMBs to leverage their IT service providers and/or MSSPs to ensure that they are adequately protected against today’s cyber threats and risks.

CF: Did the survey find any encouraging signs among SMBs?

PL: While the survey results pointed overwhelmingly that SMBs need to be more aware and better educated on the dangers of cybersecurity threats and take action, there were a couple of encouraging statistics.

Out of the U.S.-queried respondents, 80% said they have never had to let an employee go because he or she was responsible for a cyberattack or data breach. And when U.S. employees’ devices become infected because of an attack, [nearly 86%] of respondents noted they were able to successfully clean the device before any harm was done.

While all hope is not lost, these stats still reveal that most SMBs are taking a reactive rather than a proactive approach to security. SMBs face a multitude of threats and cyberattacks.

2020 Olympics Big Target for Cybercriminals

The Cyber Threat Alliance (CTA), founded by Check Point Software Technologies, Cisco, Fortinet, McAfee, Palo Alto Networks and Symantec, has published its first joint Threat Assessment focusing on the 2020 Olympics in Tokyo.

The assessment provides a summary of the threat environment facing the 2020 Olympics as well as recommendations for the Tokyo Organizing Committee as they prepare for the games.

Among the highlights from the report:

  • Nation-state actors pose the highest threat and are most likely to conduct disruptive attacks and disinformation campaigns against the Olympics. This includes targeted data leaks, disruption of events with DDoS attacks, compromising systems with ransomware, or affecting physical infrastructure.

  • Based on historical targeting of the Olympics, the alliance assesses that anti-doping agencies and experts, and services supporting the game’s operations and logistics (such as Wi-Fi networks and ticketing systems) are also at high risk of compromise.

  • Other targets could include tourists and spectators, supply chain and infrastructure providers, and Japanese officials and partner governments.

  • Cybercriminals will be highly active due to the large number of potential victims, and cyber-enabled scams and other criminal activity already are occurring.

  • The alliance recommends that the organizing committee, Japanese government and other entities supporting the Olympics focus their current efforts on implementing best practices, information sharing, coordinated planning around cybersecurity incidents, and regular examination of critical systems.

CTA recommends that …

… anyone with responsibility for Olympics-related cybersecurity review this report for actions to further improve their security posture.

“Russian, North Korean and Chinese state-sponsored adversaries likely pose the most significant threats to the games given their prior attack history, reputations as formidable actors, and geopolitical tensions,” it said. “Comparatively, CTA judges that Iran is less likely to conduct Olympics-related cyberthreat operations. Despite Iran’s history of conducting offensive cyber campaigns globally, we assess that it is not in Tehran’s strategic interest to compromise the Tokyo Games or affiliated entities.”

Sophos Launches Xstream Version of XG Firewall

Sophos has introduced a new Xstream architecture for its XG Firewall with transport layer security (TLS) traffic decryption capabilities aimed at eliminating security risk associated with encrypted network traffic.

XG Firewall now also features AI-enhanced threat analysis from SophosLabs and accelerated application performance.

Malone-Erin_Sophos.jpg

Sophos’ Erin Malone

Erin Malone, Sophos’ vice president of North America channel sales, tells us XG Firewall with its new Xstream architecture is the most adaptive next-generation firewall available today – and the “most transformative version of XG Firewall that we’ve ever released.”

“Channel partners have a significant opportunity to improve their customers’ protection and grow network security revenue opportunities,” she said. “This new version of XG Firewall helps them do exactly that, establishing themselves as trusted security advisers and service providers to their customers in a way that is convenient, intuitive and scalable. For example, Sophos XG Firewall now offers SophosLabs-in a-box threat intelligence that channel partners can use to educate and support customers, as well as AI-enabled sandboxing for suspicious files and up-to-the-minute, white- and blacklisting. New reporting capabilities also present this information to partners and their customers in an easy-to-understand green, yellow or red-light report.”

Unlike most firewalls that are unable to inspect encrypted traffic without causing applications to break or degrade network performance, Sophos XG Firewall processes network traffic at “near wire speed” for improved performance and overall security, Malone said. Channel partners can immediately deploy TLS inspection without concerns over performance or breaking incompatible devices on the network, and they can turn it on for different parts of the network with flexible policy setting options, she said.

“Sophos XG Firewall now offers direct, central management in the cloud through Sophos Central,” she said. This allows partners to connect and manage multiple security frameworks for customers, anywhere, anytime through a single pane of glass. With Sophos’ unique synchronized security approach, Sophos XG Firewall works together with Sophos’ entire portfolio of next-generation cybersecurity solutions for real-time information sharing and threat response. It’s a game changer for channel partners.”

SentinelOne Raises $200 Million in Latest Funding Round

SentinelOne, the autonomous endpoint protection company, has raised …

… $200 million in Series E funding led by global venture capital and private equity firm Insight Partners.

The round increases SentinelOne’s valuation to $1.1 billion. The funding will allow SentinelOne to continue accommodating customer demand and accelerate growth. Leveraging patented behavioral and static AI models, SentinelOne unifies endpoint protection (EPP), endpoint detection and response (EDR) with ActiveEDR, IoT control with SentinelOne Ranger, and container and cloud-native workload protection into the Singularity Platform for autonomous protection.

Mackie-Tim_SentinelOne.jpg

SentinelOne’s Tim Mackie

Tim Mackie, SentinelOne’s vice president of worldwide channels, tells us since channel is a “core component” of his company’s business, part of this Series E will benefit the partner base through additional promotions and program enhancements in the way of margins, and financial benefits tied to performance and co-investment.

“The program and promos are investment and performance based, the more a partner invests, and the more successful they are in promoting and selling SentinelOne products, the more margin they will make,” he said. “This funding will allow us to further expand and enhance our Singularity platform to ensure that SentinelOne remains and becomes even more competitive. We will also use the funding to ‘partnertize’ our managed detection and response (MDR) service, which will allow partners, who qualify, the ability to compete deeper with their offerings, giving us both more scale.”

“Competition in the endpoint market has cleared with a select few exhibiting the necessary vision and technology to flourish in an increasingly volatile threat landscape,” said Teddie Wardi, managing director at Insight Partners. “As evidenced by our ongoing financial commitment to SentinelOne along with the resources of Insight Onsite, our business strategy and ScaleUp division, we are confident that SentinelOne has an enormous opportunity to be a market leader in the cybersecurity space.”

Read more about:

MSPs

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like