https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • EMEA
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 501 Reports
    • MSPmentor Education
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • Awards
    • Back
    • European Partners 51 (EP 51) Awards
    • Excellence in Digital Services
    • MSP 501 Rankings
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Industry Events
    • Webinars
  • More
    • Back
    • About Us
    • Advertise on Channel Futures
    • Contact Us
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • EMEA
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 501 Reports
    • MSPmentor Education
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • Awards
    • Back
    • European Partners 51 (EP 51) Awards
    • Excellence in Digital Services
    • MSP 501 Rankings
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Industry Events
    • Webinars
  • More
    • Back
    • About Us
    • Advertise on Channel Futures
    • Contact Us
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

MSSP Insider


Shutterstock

Cybersecurity Reseearch

ISC2: Cyberattacks Unfairly Blamed on Small Businesses

  • Written by Edward Gately
  • June 20, 2019
Large enterprises are overwhelmingly confident about their small business partners’ cybersecurity practices.

New ISC2 cybersecurity research contradicts the widely held belief that small businesses serve as the easiest conduit for cyberattacks on large enterprises.

The association, which provides cybersecurity training, surveyed more than 700 respondents at both small businesses and large enterprises to learn how data sharing risk is perceived. One-half of large enterprises view third-party partners of any size as a cybersecurity risk, but only 14% have experienced a breach as the result of a small business partner, while 17% have been breached as the result of working with a larger partner.

Contrary to popular belief, large enterprises are overwhelmingly confident about their small business partners’ cybersecurity practices, and 95% have a standard process for vetting their suppliers’ cybersecurity capabilities.

Wesley Simpson, ISC2’s COO, tells us the findings provide MSSPs and other cybersecurity providers a “conduit to have discussions with their customers about the perceived responsibility inherent in shared data environments in order to create a transparent working relationship.”

ISC2's Wesley Simpson

ISC2’s Wesley Simpson

“Shedding light on the kinds of poor cybersecurity habits that lead to breaches can position an MSSP as an educated authority on data security,” he said. “It can also help to reframe how customers view their supply chain so that they not only give smaller businesses a fighting chance in the procurement process, but they start to ask the right questions about the best practices that third parties of all sizes employ, and turn the lens on themselves as well.”

If prospective enterprise clients traditionally have viewed small businesses as riskier to do business with than larger competitors, there’s a high probability that these SMB providers have lost out on contracts that they were qualified for, simply due to the reputation of their segment, Simpson said.

“Likewise, when breaches do occur, it’s conceivable that a small-business partner could receive more scrutiny than is warranted due to the belief that they have less sophisticated cybersecurity practices,” he said.

Nearly two-thirds of large enterprises outsource at least one-quarter of their daily business tasks, which requires them to allow third-party access to their data. That can include anything from research and development, to IT services and accounts payable. This access is necessary as large enterprises scales their operations, but the research shows access management and vulnerability mitigation are often overlooked.

Some 34% of large enterprises say they have been surprised by the broad level of access a third-party provider has been granted to their network and data. Also, 39% of small businesses expressed the same surprise about the access they were granted when providing services to large enterprise partners.

Even worse, 35% of large enterprises also admitted that when alerted by a third party to insecure data access policies, nothing changes in the large enterprise’s practices. And more than one-half of small business respondents said they still had access to a client’s network or data after completing a project or contract.

Some 54% of small businesses have been surprised by some of their large enterprise clients’ inadequate security practices, and 53% have provided notification of security vulnerabilities they’ve discovered in large enterprise networks to which they have access, according to ISC2.

The report also found that while small businesses have fewer employees overall, the proportion of their cybersecurity staff isn’t necessarily lower than in large enterprises. In addition, while they may have differing tool sets, small businesses and large enterprises approach data protection similarly by focusing on many of the same cybersecurity best practices, ISC2 said.

“Our research indicates that there are lax practices that could negatively affect organizations on both sides of the partnership equation, and this represents a warning to and an opportunity for MSSPs,” Simpson said. “Close adherence to access management policies is critical to make sure that only those who should have access to data do, especially when a working relationship or contract ends. When security vulnerabilities are reported, an immediate mitigation process should be launched to ensure data integrity.”

Tags: MSPs Endpoint MSSP Insider Network Training and Policies

Related


  • Unleash
    Flashpoint Unleashes New BRI Capabilities for MSSPs
    MSSPs are anxious to beef up their threat hunting and incident response capabilities.
  • Cloud computing information technology concept, data processing and storage platform connected to internet network, specialist engineering system
    SMB Cybersecurity Fears Mounting for 2020
    Thirty percent of SMBs will look to outsource more of their security in 2020, according to an AppRiver report.
  • Four, 4
    How MSPs Can Help Mitigate 4 Common SMB Cybersecurity Issues
    Increased employee training and using VPNs for remote connections are two ways to address security.
  • Flex
    SonicWall Beefs Up MSSP Security Offerings
    SonicWall MSSPs soon will have the option of flexible monthly pricing.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Cybersecurity Roundup: Risk Based Security, Palo Alto Networks, Zix-AppRiver and More
  • SMBs Are Paying the Price of Cybercrime’s Evolution
  • Microsoft Targets New Azure Sentinel SIEM for Broader MSSP Market
  • Is the Financial Industry Abandoning Cloud?

Galleries

Images: Channel Evolution Europe Featuring Avant, 8×8, Sophos, CenturyLink, More

December 5, 2019
view all

From the Industry

The Importance of Strengthening Your Cyber Security Culture

December 4, 2019

Don’t Let Lack of HIPAA Compliance Make Your Business Sick

December 4, 2019

Using ADR to Help Secure Your Business First

December 4, 2019
view all

Webinars

Why Business Value Should Be Your First Concern and How to Create More of It

December 12, 2019

From MSP to MSSP: Seizing the Managed Security Opportunity

December 17, 2019
view all

White Papers

Secrets to Sustainable Growth – for MSPs, by MSPs

December 4, 2019

Why Managed Security Presents A Golden Opportunity for MSPs

November 26, 2019

The Ultimate Guide to On-Site Managed Services

November 26, 2019
view all

Events

Channel Partners Conference & Expo

March 9, 2020 - March 12, 2020
view all

Videos

FASTCHAT: Why an MSP Needs to Extend Detection and Response Beyond Endpoint Security

October 22, 2019

Ingram Micro: It’s Up to Our MSP Partners to Keep Clients ‘Out of the Headlines’

October 14, 2019

Liongard: Here’s How We ‘Roar’ for the MSP Community

October 14, 2019
view all

Twitter

ChannelFutures

.@IngramMicroInc promoted Paul Bay and three others. dlvr.it/RL6Flb https://t.co/Zb5Q07xqsQ

December 11, 2019
ChannelFutures

.@watchguard report shows old Equifax vulnerability was top network attack target in Q3. #cybersecurity… twitter.com/i/web/status/1…

December 11, 2019
ChannelFutures

.@Cisco's five-year plus R&D efforts for the next internet include #Cisco Silicon One technology and the 8000 Serie… twitter.com/i/web/status/1…

December 11, 2019
ChannelFutures

.@Netsurion announces integration with @itglue for improved #MSP capabilities. #cybersecurity… twitter.com/i/web/status/1…

December 11, 2019
ChannelFutures

Are you ready for 2020? The new year is just weeks away and @Gartner_inc has come out with the top #techtrends for… twitter.com/i/web/status/1…

December 11, 2019
ChannelFutures

In an Art of Mission Keynote, Guy Kawasaki explains 10 tips that #MSPs can use to improve their business. Those tip… twitter.com/i/web/status/1…

December 11, 2019
ChannelFutures

.@kaspersky research shows spike in #ransomware attacks on municipalities. dlvr.it/RL5YSM https://t.co/5lnFsTNzdp

December 11, 2019
ChannelFutures

bit.ly/36nuaDY twitter.com/Channel_Online…

December 11, 2019

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Cookie Policy
  • Privacy
  • Terms
Copyright ©2019 Informa PLC. Informa Telecoms & Media Limited is a company registered in England and Wales with company number 00991704 whose registered office is 5 Howick Place, London, SW1P 1WG. VAT GB365462636. Informa Telecoms & Media Limited is part of Informa PLC.
✕

channel futures Logo

Want to stay updated? Sign up for our Channel Futures newsletters today.

Websites are now required by law to gain your consent before applying cookies. We use cookies to improve your browsing experience. Parts of the website may not work as expected without them. By closing or ignoring this message, you are consenting to our use of cookies.
X