https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

MSSP Insider


Shutterstock

Cybersecurity Reseearch

ISC2: Cyberattacks Unfairly Blamed on Small Businesses

  • Written by Edward Gately
  • June 20, 2019
Large enterprises are overwhelmingly confident about their small business partners’ cybersecurity practices.

New ISC2 cybersecurity research contradicts the widely held belief that small businesses serve as the easiest conduit for cyberattacks on large enterprises.

The association, which provides cybersecurity training, surveyed more than 700 respondents at both small businesses and large enterprises to learn how data sharing risk is perceived. One-half of large enterprises view third-party partners of any size as a cybersecurity risk, but only 14% have experienced a breach as the result of a small business partner, while 17% have been breached as the result of working with a larger partner.

Contrary to popular belief, large enterprises are overwhelmingly confident about their small business partners’ cybersecurity practices, and 95% have a standard process for vetting their suppliers’ cybersecurity capabilities.

Wesley Simpson, ISC2’s COO, tells us the findings provide MSSPs and other cybersecurity providers a “conduit to have discussions with their customers about the perceived responsibility inherent in shared data environments in order to create a transparent working relationship.”

ISC2's Wesley Simpson

ISC2’s Wesley Simpson

“Shedding light on the kinds of poor cybersecurity habits that lead to breaches can position an MSSP as an educated authority on data security,” he said. “It can also help to reframe how customers view their supply chain so that they not only give smaller businesses a fighting chance in the procurement process, but they start to ask the right questions about the best practices that third parties of all sizes employ, and turn the lens on themselves as well.”

If prospective enterprise clients traditionally have viewed small businesses as riskier to do business with than larger competitors, there’s a high probability that these SMB providers have lost out on contracts that they were qualified for, simply due to the reputation of their segment, Simpson said.

“Likewise, when breaches do occur, it’s conceivable that a small-business partner could receive more scrutiny than is warranted due to the belief that they have less sophisticated cybersecurity practices,” he said.

Nearly two-thirds of large enterprises outsource at least one-quarter of their daily business tasks, which requires them to allow third-party access to their data. That can include anything from research and development, to IT services and accounts payable. This access is necessary as large enterprises scales their operations, but the research shows access management and vulnerability mitigation are often overlooked.

Some 34% of large enterprises say they have been surprised by the broad level of access a third-party provider has been granted to their network and data. Also, 39% of small businesses expressed the same surprise about the access they were granted when providing services to large enterprise partners.

Even worse, 35% of large enterprises also admitted that when alerted by a third party to insecure data access policies, nothing changes in the large enterprise’s practices. And more than one-half of small business respondents said they still had access to a client’s network or data after completing a project or contract.

Some 54% of small businesses have been surprised by some of their large enterprise clients’ inadequate security practices, and 53% have provided notification of security vulnerabilities they’ve discovered in large enterprise networks to which they have access, according to ISC2.

The report also found that while small businesses have fewer employees overall, the proportion of their cybersecurity staff isn’t necessarily lower than in large enterprises. In addition, while they may have differing tool sets, small businesses and large enterprises approach data protection similarly by focusing on many of the same cybersecurity best practices, ISC2 said.

“Our research indicates that there are lax practices that could negatively affect organizations on both sides of the partnership equation, and this represents a warning to and an opportunity for MSSPs,” Simpson said. “Close adherence to access management policies is critical to make sure that only those who should have access to data do, especially when a working relationship or contract ends. When security vulnerabilities are reported, an immediate mitigation process should be launched to ensure data integrity.”

Tags: MSPs Endpoint MSSP Insider Network Training and Policies

Related


  • Spam
    Kaspersky Research: Russia Now No. 1 Global Source of Spam
    The most frequent targets of phishing attacks were online stores.
  • Cybersecurity Roundup
    Law Firm Cyberattack Exposes Tens of Thousands of Patient Records
    Cybercriminals prefer to target entities like law firms because of the enterprise data they possess.
  • Cloud security
    IT Facing Major Security Issues, But Cloud Security May Be Most Immense
    A number of reports point to security problems within client environments, but cloud could be the biggest.
  • Threats
    Despite SIEM Software Adoption, Threat Coverage Comes Up Short
    Enterprise SIEMs are unprepared for 84% of certain tactics and techniques.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Blame IT Pros for Data Privacy Failures?
  • MSSPs, Beware: Threat Analysis Group Warns of North Korean Social Engineering
  • Financial Sector Cyberattacks Rising with Bad Actors Raking in the Dough
  • Untangle Research: Breach Headlines to Prompt Increased Cybersecurity Spending

Galleries

View all

Channel Partners Virtual 2021 Is the Hottest Ticket in Town

February 26, 2021

Industry Perspectives

View all

The “Roaring 20s” Are Coming

February 25, 2021

Three Ways MSPs Can Improve Supply Chain Security

February 24, 2021

SASE: The Key to Mitigating Business Transformation Risk

February 22, 2021

Webinars

View all

A Partner’s Perspective on Channel Success in 2021

March 17, 2021

XDR and Why it Matters to MSPs

March 24, 2021

Top Security Trends Impacting Technology Security Providers In 2021

March 25, 2021

White Papers

View all

Ready To Add Cutting Edge IoT Solutions To Your Portfolio?

  • 1
February 25, 2021

What Is The Value Of Distribution For The Internet Of Things?

February 25, 2021

The Internet of Things (IoT): Where do You Begin?

  • 1
February 25, 2021

Upcoming Events

View all

Channel Partners Virtual

March 2, 2021 - March 4, 2021

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

Amazon WorkSpaces @awscloud DaaS client will be available on @IGEL_Technology virtual endpoint client OS.… twitter.com/i/web/status/1…

February 26, 2021
ChannelFutures

.@VMware cutting more workers in California as part of ongoing #workforcerebalancing. #layoffs… twitter.com/i/web/status/1…

February 26, 2021
ChannelFutures

#CPVirtual is March 2-4. It’s the hottest ticket in town — any town, since it’s 100% online — so make sure you have… twitter.com/i/web/status/1…

February 26, 2021
ChannelFutures

.@datto, @ThreatLocker partner to streamline #MSP secure business operations. dlvr.it/RtYvJK https://t.co/nKGnwbblNO

February 26, 2021
ChannelFutures

Infographic: Why Partner with Sierra Wireless and GetWireless? dlvr.it/RtYh1m https://t.co/KcBFzXIx7l

February 26, 2021
ChannelFutures

Infographic: The Sierra Wireless Essential Series dlvr.it/RtYgxv https://t.co/CatxbRHzXr

February 26, 2021
ChannelFutures

#Threatprotection is no small matter for #MSSPs. Find out what vendors say you have to do this year to protect your… twitter.com/i/web/status/1…

February 26, 2021
ChannelFutures

Cloud strategies and cybersecurity are key, and #COVID19 will have more impact than #Brexit on U.K. channel, says… twitter.com/i/web/status/1…

February 26, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X