While cyber-attacks on large well-known companies such as British Airways and Capital One make front-page news, it’s rare to find stories about attacks on SMEs. It might be tempting to believe SMEs have little in the way of value for hackers compared to the big companies, but the reality is SMEs are becoming primary targets.
According to the UK Government’s Cyber Security Breaches Survey 2019, in 2018, 31% of all SMEs in the UK suffered from an attack — this cost the UK economy more than £2bn. How many more went unreported is unknown, but it would probably be substantial.
Unfortunately, SMEs are not doing anywhere near enough in response to this growing threat. A recent report by Business in the Community (BITC) found that a third of SMEs in the UK have no cyber security strategy in place, while just 35% have basic data protection policy and only 29% have a policy for controlling access to systems.
Why? SMEs are understandably focusing on being operational from day to day, so they can serve customers to keep the business going. Also, SMEs struggle to scale security solutions effectively. Often they don’t want to invest in something that might necessitate updating their whole infrastructure, as well as any disruption to their business.
How does this effect MSPs
The lack of MSPs ability or willingness to help with their clients security infrastructure has a profound affect too . If their clients fall victim to an attack, it harms their reputation as well.
According to Tim Moran, founder and CEO, LuJam Cyber, clients with bad security postures are making customer relationships difficult.
“Many MSPs find that they don’t get to spend as much time on certain clients because other clients with bad security practices need too much attention,” he said.
SMEs today are increasingly looking to MSPs for help with cyber security. MSPs need to show that they can consistently deliver high-performance security solutions for their customers or their competition will take their business.
Real-time cyber monitoring
Good MSPs are encouraging SMEs to undertake audits — such as Cyber Essentials, IASME Gold or even ISO27001. But, they’re benefits are limited until the next audit is required a year later.
The audits only cover a specific point in time. It can be hard to maintain the enthusiasm to make sure controls are kept in place on a day-to-day basis. Other pressing business needs can often lead to people overriding or even removing controls altogether.
For MSPs to stay ahead of the game they need real-time visibility of their clients’ network.
Consequently, these insights provide MSPs with the opportunity to upsell services, increases loyalty and trust, this more pro-active approach to managing their customers works, and increases their profitability.