The extent of the IT security challenge is proving too much for some small-to-medium sized businesses. Mike Puglia, chief product officer, Kaseya says that outside help from MSPs may be the best option.
A recent study commissioned by global IT systems management provider, Kaseya polling over 900 small-to-medium-sized businesses (firms of up to 5,000 employees), has revealed that IT executives are failing to recognise the importance of IT security. It indicated that most businesses are placing the issues of completing IT projects on time and reducing IT costs ahead of a secure network, regardless of the concerns highlighted during the recent Equifax data breach that exposed the data of 400,000 UK residents.
Only 21% of respondents labelled security as the main issue among firms that were deemed ‘efficient’ in their IT operations. This was a surprising statistic considering 40% of respondents across the survey admitted that ensuring compliance and security was their second most important technology challenge in 2017.
The research also indicated that many businesses still struggle to get the most from their IT capabilities, with 83% still focusing on day-to-day IT management tasks that are often time-consuming and manual, rather than working with comprehensive and aligned processes.
This finding hints at the reasons why many SMBs struggle to recognise the importance of security: they simply don’t have the capacity or the resource in-house to address it properly. SMBs simply can’t afford the security personnel expense (security experts command top salaries) and don’t have the time to do the constant and detailed work it takes to maintain a safe environment – nor is this a strategic endeavour for busy SMB IT shops.
This lack of focus on security that many SMBs display is in a sense understandable for the reasons given above – but it is nevertheless a serious concern. The threats posed by cybercriminals are worse than ever and the damage that they do is unparalleled. Keeping up is tough enough. Staying ahead seems near impossible, especially for SMBs.
It is, however, an issue that no SMB can afford to ignore. Security is a huge liability and visibility concern for companies who see their reputation and business possibly ruined due to breach publicity and fines for loss of data.
In line with this, a recent survey from endpoint security specialist, Webroot has revealed that 96% of businesses with 100 to 499 employees in the Australia, UK and US believe their organisations will be susceptible to external cybersecurity threats in 2017. Yet, even though they recognise the threats, 71% admit to not being ready to address them.
The severity of the cybersecurity threat underscores the reality that proper up-to-date security practices are more vital than ever to the health and wellbeing of every company, no matter its size. The risks are too high, and the incidence of exposure and breaches is only increasing. A growing number of SMBs are concluding that the best way to gain proper protection is through a managed services approach and through the adoption of managed security services, in particular.
Managed Service Providers to the rescue?
We expect to see more managed service providers (MSPs) rising to the challenge and adding managed security services to their solutions portfolio, including patching and updates; audit and discovery; desktop security and identity access management. Some of these services, most notably patching and software updates, are already offered by many MSPs, but they need to ensure they are optimising the efficiency of the approach as much as possible and focusing on expanding into new security service areas.
Nevertheless, MSPs are on the right track in this regard. They have an advantage in protecting SMB networks since they can manage security for multiple clients, and have the tools and manpower to get the job done right. In many ways, MSPs can mimic what the largest enterprises do for themselves in terms of security best practices but apply these principles to SMBs.
Security needs to be a major priority for SMB companies today. The fact that this is not currently the case reflects the fact that these organisations are preoccupied with immediate issues around sales growth, operational efficiency and cost control. They don’t have the time or in-house resource to devote to security. That’s why outsourcing the function to an MSP organisation that understands this area and has access to the expertise, experience and the technology to deliver a high-quality managed security service, has to make sense.