Lacking the financial and IT resources of enterprises, half of SMBs say they have no understanding of how to effectively prevent and respond to cyberattacks, according to the 2018 State of SMB Cybersecurity Report by Ponemon Institute. With 67 percent of SMBs reporting they experienced a cybersecurity attack in the last 12 months, it’s not surprising that most rely on managed services providers (MSPs) for their cybersecurity efforts. When MSPs don’t meet their expectations, however, SMBs are happy to move on.
Sophisticated Attacks Push SMBs to Their Limits
The average cost of a cyberattack on an SMB in 2018 was $1.43 million, a 33 percent increase over 2017, the Ponemon report says. Phishing is the number one attack type against SMBs, representing 52 percent of attacks overall and responsible for 79 percent of malware infections.
In addition to the overall increase in phishing attacks, SMBs report that the attacks have become increasingly targeted. Phishing campaigns of the past were sent in high volumes. Hundreds, and sometimes thousands, of phishing emails could be launched in a single send. To avoid detection, hackers have adjusted their methods, socially engineering their victims and launching targeted spear phishing attacks at low volumes.
With negligent employees being named the root cause of most cyberattacks against their businesses, SMBs need to provide their employees with both phishing awareness training and advanced email filtering technology. Unfortunately, SMBs are lacking in both areas. According to the 2019 State of SMB Cybersecurity report by Continuum, forty percent of SMBs do not offer security awareness training, and 31 percent of SMBs do not have an email security solution.
A Warning—and an Opportunity—for MSPs
Increasingly targeted in phishing attacks and lacking both in-house cybersecurity expertise and technology, SMBs need MSPs that can fill the gaps in their security posture. MSPs who answer this call are far more likely to keep their SMB clients than those that don’t. Continuum reports that a majority—more than half—of SMBs who use an MSP are planning to stay with their current provider. Twenty-nine percent, however, plan to move on, and a third blame the move on lack of confidence in their MSP’s cybersecurity capabilities.
Perhaps more alarming for MSPs than losing business is the fact that SMBs who have experienced a cyberattack will hold their MSP accountable: 74 percent of SMBs would take legal action, and 37 percent would hold the MSP solely accountable.
Offering the right cybersecurity solutions has the potential not only to help MSPs retain their current clients and avoid costly legal action, but also attract new, more profitable business. SMBs have high expectations when it comes to cybersecurity, and they’re willing to pay more—25 percent—for the right services and solutions.
Providing Education and Security Solutions SMBs Need
The sophisticated email threats targeting SMBs today are difficult to detect, and traditional solutions have a poor track record of blocking them. SMBs who use Office 365, for example, are particularly vulnerable to Office 365 attacks if they rely on Microsoft’s Exchange Online Protection (EOP). Native to Office 365, EOP uses reputation and signature-based threat detection to block known email threats. It’s an outdated method of protection that hackers easily bypass. SMBs that aren’t educated about its weaknesses assume they’re protected by EOP, and they rely on it as their sole email security solution.
As an MSP, you have an opportunity to educate your clients about the limitations of their existing security solutions and offer advanced solutions that can protect their businesses going forward. Artificial intelligence is emerging as one of the most promising technologies in cybersecurity today, monitoring threats and automating responses in ways not possible with traditional solutions. Educate your clients and prospects about these latest technologies and offer proven solutions that will protect their businesses and employees from attacks. SMBs need providers who understand the attacks directed at their businesses and have the solutions for mitigating them. Providing it makes you more likely to retain clients and attract new business.
Learn more about how to grow your business and protect your customers with Vade Secure for Office 365.