This year has seen massive changes to the face of cyberattacks. We’ve gone from threats from small numbers of criminal organizations to every part of a cyber crime available as a service. Nearly every type of cyber attack – malware, ransomware, cryptomining, data breaches, phishing, fraud, and more – have all reached record levels.
While large organizations with millions of records tend to get the focus in the news, it’s the small and medium-sized business (SMB) that seems to always be fighting an uphill battle when it comes to cybersecurity.
2018 was no exception.
In 2018, 58% of data breaches occurred in the SMB, and according to the Hiscox Cyber Readiness Report, organizations of every size – all the way down to the smallest of SMBs – are experiencing cyberattacks.
To make matters worse, this year, 57% of SMBs reported an increase in attack volume over the past 12 months, with two-thirds reporting an increase in attack sophistication. And it’s not just attack attempts; according to UK insurer Beazley, 71% of ransomware incident claims handled in 2018 belonged to SMBs, with the number of ransomware incidents more than doubling in Q3 from August to September!
Why the SMB? Why not go for the largest of organizations where the real money is?
Well, to start, cybercriminals are going there, too. But attacks on larger orgs tend to be longer-term scams, involving lots of diligence on specific employee targets, the need to gain access to specific applications and systems, and usually involve needing to overcome sophisticated layered security.
So, it makes sense that SMBs have remained an even more viable target in 2018. While the reward may be smaller than when attacking an enterprise, the likelihood of success is much higher. SMBs generally have less time, proper security tools, and budget to address such potential problems themselves. And, most importantly, they usually lack the expertise needed protect their business beyond the installation of antivirus on the endpoint.
A Huge Service Opportunity for MSPs in 2019
This rise in attacks in 2018, mixed with the SMB’s inability to prevent, detect, protect, and react to threats provides MSPs with a service opportunity to generate more revenue as we move into 2019.
The MSP looking to add Security services (whether you tout your business as an MSSP or not) to your stable of offerings in 2019 should not be looking for a single “silver bullet” solution. In the same way that SMBs with antivirus installed are still becoming victims, your customers won’t be any safer if you do the same.
What’s needed today is a layered security approach that protects the environment at multiple points. MSPs need to look at their customer’s security using a number of different lenses, including: network, interaction with email and the web, the endpoint, and the user. It’s only by building a layered security services offering that you will be successful in reducing the likelihood of attack.
With 2018 almost gone, it’s time to take on the opportunity of securing SMBs in 2019. You can be certain that 2019 will bring as much unpredictability as 2018 has, so focus on finding security solutions that provide you as much layered coverage as possible.