A recent study commissioned by global IT systems management provider, Kaseya polling over 900 small-to-medium-sized businesses (firms of up to 5,000 employees), has revealed that IT executives are failing to recognise the importance of IT security. It indicated that most businesses are placing the issues of completing IT projects on time and reducing IT costs ahead of a secure network, regardless of the concerns highlighted during the recent Equifax data breach that exposed the data of 400,000 UK residents.
Only 21 percent of respondents labelled security as the main issue among firms that were deemed ‘efficient' in their IT operations. This was a surprising statistic considering 40 percent of respondents across the survey admitted that ensuring compliance and security was their second most important technology challenge in 2017.
The research also indicated that many businesses still struggle to get the most from their IT capabilities, with 83 percent still focusing on day-to-day IT management tasks that are often time consuming and manual, rather than working with comprehensive and aligned processes.
This finding hints at the reasons why many SMBs struggle to recognise the importance of security: they simply don't have the capacity or the resource in-house to address it properly. SMBs simply can't afford the security personnel expense (security experts command top salaries) and don't have the time to do the constant and detailed work it takes to maintain a safe environment – nor is this a strategic endeavour for busy SMB IT shops.
This lack of focus on security that many SMBs display is in a sense understandable for the reasons given above - but it is nevertheless a serious concern. The threats posed by cyber-criminals are worse than ever and the damage that they do is unparalleled. Keeping up is tough enough. Staying ahead seems near impossible, especially for SMBs.
It is, however, an issue that no SMB can afford to ignore. Security is a huge liability and visibility a concern for companies who see their reputation and business possibly ruined due to breach publicity and fines for loss of data.
In line with this, a recent survey from endpoint security specialist, Webroot has revealed that 96 percent of businesses with 100 to 499 employees in Australia, the UK and US believe their organisations will be susceptible to external cyber-security threats this year. Yet, even though they recognise the threats, 71 percent admit to not being ready to address them.
The severity of the cyber-security threat underscores the reality that proper up-to-date security practices are more vital than ever to the health and wellbeing of every company, no matter its size. The risks are too high, and the incidence of exposure and breaches is only increasing. A growing number of SMBs are concluding that the best way to gain proper protection is through a managed services approach and through the adoption of managed security services, in particular.
We expect to see more managed service providers (MSPs) rising to the challenge and adding managed security services to their solutions portfolio, including patching and updates; audit and discovery; desktop security and identity access management. Some of these services, most notably patching and software updates, are already offered by many MSPs, but they need to ensure they are optimising the efficiency of the approach as much as possible and focusing on expanding into new security service areas.
Nevertheless, MSPs are on the right track in this regard. They have an advantage in protecting SMB networks since they can manage security for multiple clients, and have the tools and manpower to get the job done right. In many ways, MSPs can mimic what the largest enterprises do for themselves in terms of security best practices but apply these principles to SMBs.
Security needs to be a major priority for SMB companies today. The fact that this is not currently the case reflects the fact that these organisations are preoccupied with immediate issues around sales growth, operational efficiency and cost control. They don't have the time or in-house resource to devote to security. That's why outsourcing the function to an MSP organisation that understands this area and has access to the expertise, experience and the technology to deliver a high-quality managed security service, has to make sense.
Contributed by Mike Puglia, chief product officer, Kaseya
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.