Posted on July 6, 2021
Recent cybersecurity statistics paint a troubling picture for owners of small and midsize businesses. Here are a few that will quickly focus the attention of even the most confident exec:
Owners of midsize and small companies are quickly coming to grips with the magnitude of the risks they face, understanding that their level of preparedness for an attack is quite literally a life and death issue for their businesses. Unfortunately, the Kaseya ransomware attack revealed this past week serves as the latest reminder for these organizations. It is no surprise that given the sophisticated nature of the threat environment, the executive teams running these businesses are actively looking for pragmatic, cost-effective ways to improve their security.
These organizations generally don’t have the in-house security bench strength or subject matter expertise they need to maximize their odds of remaining secure and in business. Gartner research noted that nearly half of midsize enterprises say they do not have sufficient in-house IT and security staff, and over a third say they don’t have staff with the right skill sets.
To address these issues, companies are growing their security budgets. Gartner highlighted Cyber and Information Security as the top area of increased investment for midsize organizations, with 62% of respondents indicating that they are spending more on cybersecurity this year than last.
All of these factors – lack of in-house resources, higher security budgets, and, of course, fear of attack – are contributing to a trend among midsize enterprises to outsource some or all of their cybersecurity to MSSPs.
This market dynamic has created a unique opportunity for MSSPs. Consider this recent statistic from ConnectWise:
“91% of SMBs would consider using or moving to a new IT service provider if they were
offered the ‘right’ cybersecurity solution.”
So now the question becomes “what is right?” from the perspectives of the SMBs as well as the MSSPs that serve them. Let’s look at both sides of this business equation.
Going back to the statistics, it is clear that midsize enterprises face attacks at the same frequency and level of sophistication as their Global 2000 counterparts. As a result, they need cyber-defenses that are on-par – or better, if possible – than their larger peers. This is where a Zero Trust security approach comes into play. Zero Trust, the idea of treating all IT system access requests as potentially dangerous to the organization, is a strategic approach that nearly all large organizations are adopting to protect themselves from today’s elevated threat environment. According to recent survey data from Statista, 72 percent of large organization respondents have plans to adopt zero trust in the future or have already adopted it.
But what about smaller organizations? Well, Zero Trust is something they need to pursue as well. Here is what John Kindervag, creator of the Zero Trust security concept during his time at Forrester, had to say about it:
“Quite often, I hear, ‘Zero Trust is only for big organizations – my company is too small.’ But Zero Trust is a framework for any organization that has data and assets to protect from the malicious actors to which all companies, big or small, are exposed via the Internet. Luckily, Zero Trust can work for your small or midsize business, once you find technology and expertise that fit the unique parameters of your organization.”
So, if we accept that Zero Trust is the right strategy for companies of all sizes to pursue, then part of a solution being ‘right’ for midsize businesses is that it delivers a comprehensive set of Zero Trust security controls that can effectively protect an organization’s users, devices, apps, and networks.
Another critical factor, of course, is cost. Despite planned security spending increases, it is a fact of life that smaller organizations’ IT and security budgets are a fraction of what Global 2000 companies spend. So, part of being “right” for midsize businesses is being affordable enough to fit within their very real budget constraints.
What makes a Zero Trust solution ‘right’ for MSSPs? They need a Zero Trust platform that satisfies their customers’ security needs at a price point that works for both the customer and their own bottom line. They also need to be able to wrap their own value-added services, such as managed detection and response, around this platform and package it in a way that is compelling to customers and workable within their budgets.
MSSPs have their own bench-strength issues to deal with and must closely manage personnel costs while serving a budget-constrained target market. Therefore, the platform they use should enable them to provide Zero Trust security services to their customers as efficiently and effectively as possible.
To illustrate this point, consider the issue of actioning security alerts. MSSP services generally include a team of security analysts who are responsible for following up on alerts. A recent poll of C-level security executives noted that 37% reported received more than 10,000 alerts each month; 52% of those alerts were identified as false positives. Considering that an average security analyst spends 10 minutes responding to a single alert, responding to false positives for a single company like these would take over 850 hours of analyst time each month. Some quick math indicates that it would take five analysts, each earning roughly $100,000 per year, just to respond to false positives. Even if you scale this figure down by half or more for a medium- or small-size business, it is clearly a margin crusher for MSSPs providing this security service using a platform that does not minimize false positives.
Similar illustrative examples can be made showing the “hidden costs” MSSPs take on when they use solutions that are overly complex or not integrated to deliver security services to their clients. The key takeaway is that MSSPs need to be selective in the platform they adopt to serve the midsize enterprise market. It must be simple for internal teams to operate and manage and extremely effective in the protections and controls it provides.
Midsize enterprises, and the MSSPs that serve them, are typically an afterthought for big enterprise security vendors, which develop solutions that are appropriate for large organizations with sizable IT and security teams. As a result, MSSPs seeking robust solutions for the SMB market frequently end up grappling with products that they themselves lack the resources to effectively integrate, deploy, and manage. In too many cases, they are left with costly security solutions that do not provide the level of protection their clients require and are a drain on MSSP bottom lines.
The recently introduced ZTEdge Zero Trust Security platform takes a fundamentally different approach by focusing on MSSPs and the SMBs they serve. ZTEdge cuts complexity, reduces cyber-risk, and improves performance, all at a price point that is about half that of competitive solutions. Delivered by ZTEdge certified MSSP partners, the platform protects organizations’ users, applications, and data.
ZTEdge provides the capabilities all distributed organizations need to keep their teams connected, productive and secure, including integrated identity and access management, Zero Trust network access (ZTNA), secure web gateway powered by remote browser isolation, cloud-delivered firewall, network traffic visibility/analysis, and microsegmentation, all orchestrated and powered by threat intelligence data derived from multiple industry sources, including the Cyber Threat Alliance, and the global ZTEdge user community.
Feedback on ZTEdge has been very positive:
Dr. Chase Cunningham, a thought leader in Zero Trust security, recently joined the ZTEdge team because he was so bullish on the platform and its ability to bring Zero Trust security to midsize customers. When ZTEdge launched, Chase said “Midsize enterprises and small businesses have the same need for Zero Trust security protection as the Global 2000, but existing solutions are too complex, too expensive, and too resource-intensive for them and their service providers to adopt. ZTEdge provides a solution that is right-sized for the needs of this market.”
Mark Mahovlich, Vice President of Strategy & Execution, for MSSP ICM Cyber noted that, “given the large enterprise orientation of most security solution providers, we wanted a right-sized solution that provided a simple, cost-effective way for MSEs to quickly implement their own SASE strategy. The ZTEdge platform is the solution to do just that and is a valuable addition to the market.”
I’d urge all MSSPs that focus on the midsize and small business segment to begin their evaluation of ZTEdge. The platform’s capabilities and subscription packages are covered, and an on-demand demonstration is available. Once you’ve seen what it offers, please contact us via the website and we will set up a time to do a deeper dive with you and your team. I’m confident that you will quickly recognize ZTEdge as a comprehensive, simple, and affordable solution that your team can use to win in the midsize and small business market.
Phishing soared in 2021, building on a record-breaking 2020. Variations leading the growth included “smishing,” “vishing” and malicious social media.
The LAPSUS$ cybercrime gang gained access to T-Mobile’s VPN simply by purchasing initial access from a site that sells access to compromised systems.
RBI stops steganographic attacks, in which malware is concealed within the code of images or other presumably innocent content, in ways that AV/firewalls cannot detect.