This was originally written and posted on the Malwarebytes blog by Jovi Umawing on February 24, 2020.
With the threat landscape becoming more hostile to businesses, small- and medium-sized businesses (SMBs) are often finding it difficult to cope. Hence, they turn to managed service providers (MSPs) for help, not only to keep their businesses going—the concept known as business continuity—but also to offer salve to known pain points that encompass all industries.
One of the recognized pain points for SMBs is the apparent lack of skilled security professionals who can implement processes and procedures that snap back businesses to their original state of operations after experiencing a disruptive or business-ending event.
With the cybersecurity industry experiencing a stunning zero percent unemployment rate with millions of open positions, SMBs often have a hard time finding, or affording, “the right candidates.” Unfortunately, this staffing challenge is foreseen to continue through 2021. This could spell bad news for SMBs.
This doesn’t mean that there is no talent out there, however. Positions aren’t filled because many employers are underpaying for skilled specialists. More remain open because employers and recruiters are looking inside a small bubble of candidates instead of exploring candidates with similar training and many of the appropriate “soft” skills, whose importance should not be overlooked in running IT and security teams. In addition, many current employees suffer from burnout, quitting their jobs after feeling overworked and underappreciated.
Conventional hiring trends, such as requiring experience and certifications at entry-level positions, plus a near-unreachable wish list of skills candidates must possess, are other potential causes contributing to the shortage.
If an organization lacks the manpower to address its need to be resilient in the face of a threat landscape that is becoming more hostile toward business growth and evolution, a fully vetted MSP that offers tools and services that address an organization’s unique needs should step in to lighten the load.
SMBs are not known to set aside budget for security—another pain point. Unlike enterprises, we know that SMBs normally lack the resources they need to defend against cyberattacks. Whether that’s hiring the appropriate number of skilled staff, paying them a competitive salary, investing in security infrastructure, or purchasing enterprise-grade antivirus, network, and firewall protection, tight budgets typically mean corners must be cut.
Cybercriminals know this, and they are keen to pluck the low-hanging fruit. Therefore, it’s not a surprise to see an uptick of threat actors, particularly those behind ransomware campaigns, targeting SMBs—another reason why SMBs might consider using MSPs as an affordable alternative to full-blown security software suites to combat sophisticated malware attacks on-demand.
Some businesses may be lucky enough to have the manpower, but still lack the foresight to provide staff with the knowledge and training in cybersecurity they will need and use throughout their entire tenure. While it is understandable to a degree, it’s also disconcerting to know that some organizations in industries severely targeted by malware attack campaigns, such as hospitals, schools, and government bodies, have little to no knowledge of what a phish looks like. And while it’s concerning that companies with IT security teams may not be as prepared as we expect them to be, even more worrying is the faith organizations put into their cybersecurity readiness, when it may not be as good as they thought.
Staff unskilled in cybersecurity cannot provide organizations the help they need to prevent security incidents. Time may be the key factor in deciding whether an organization should get some outside help or not. While organizations recognize the need to address the lack of training in their workforce, MSPs can help take charge and get things moving with little overhead.
Cybersecurity standards are in place for a reason. Companies of all sizes need to know what it takes to build up their cybersecurity efforts, which in turn, makes a positive dent in their business resilience plans. MSPs may just be the answer they’re looking for.
MSPs are subject to well-known compliance regimes. This means that they don’t just follow one standard but many, and these likely overlap one another. For example, an organization based in New York that deals with clients in EU countries is subject to both the GDPR and regulations under the New York Department of Financial Services (DFS).
Helping take charge
SMBs have been feeling the pressure for years to respond to serious cybersecurity challenges their businesses face on a regular basis. They also know that such problems take time to address—they cannot be solved overnight. In the meantime, well-vetted MSPs can step in and help. Their fully qualified and trained staff can bridge the skills gap until a larger societal shift happens (if it does); their resources, processes, and procedures make the organizations they service compliant with known standards; and their overall service makes it easier for organizations to implement and manage in the long run.