How Can SMBs Fight Cyberattacks?

Even before the COVID-19 pandemic, small to mid-sized businesses (SMBs) faced unique challenges on the cybersecurity front. The massive disruption caused by the pandemic only exacerbated the challenges of protecting data, systems and business—not to mention customers and their data.

Now that we’re starting to see signs of recovery, it’s important for SMBs to view their approach to cybersecurity from a more holistic perspective. Why? Because we continue to see troubling statistics like these:

Known Threats Require Preventive Actions

As much as I hate to use fear to illustrate a point, I’ve simply seen too many cases where someone doesn’t recognize the true threat and potential cost to their business until it’s too late. And by “too late,” I mean after a business has already been compromised and suffered through a disruption or complete outage, or shelled out some kind of financial settlement to pay off a ransomware attack.

The worst part is that we all know what the threats are. We know that SMBs are clear targets for cybercriminals, and we know that a high number of SMBs will experience a cyberattack. These days, it’s more of a question of when—rather than if—you’ll experience an attack.

In other words, we’re staring right at a predictable disaster. It’s a looming threat that you can easily plan for, as opposed to a tornado, flood or global pandemic.

So, what’s holding SMBs back from properly planning for a cyberattack? The most common obstacles are:

  • Limited resources: Tight budgets and minimal spending on IT
  • Lack of expertise: Very few IT staff in general, and no dedicated IT security team
  • Greater vulnerability: Highly distributed locations with many remote sites

I can tell you from firsthand experience that it’s no fun to sit across the table from the founder of a family business that has been around for 50 years and explain that they have to pay $800,000 to get their business back online after a ransomware attack. That’s a horrible conversation to have with someone who’s being forced to choose between paying a ransomware settlement or shuttering their business.

What SMBs Can Do Today

Despite any inherent budgetary limitations SMBs might have, it’s critical that they:

  • Fully understand the security risks they face
  • Make informed decisions on what risks to address and what risks to accept as the price of doing business
  • Commit to using the right technologies and services to mitigate those specific risks

One of the most cost-effective ways to accomplish those objectives is to use managed detection and response (MDR) or extended detection and response (XDR) services. Here are two case studies that illustrate the enormous difference an endpoint protection service can make.

The Obvious—and Not-So-Obvious—Costs of Ransomware

The first case involves a ransomware attack on a midsized retailer with nearly 20 stores. The attack started in the middle of the night and every store was affected within hours. At opening time the next day, every store’s IT system was down. The entirety of the store’s systems and data was encrypted by the ransomware, and the only way to operate was through manual processes (no electronic payment processing).

The chain felt as if it had no choice but to pay for the decryption program. All told, it took an entire week from spotting the ransomware to running the decryption program. But it took multiple weeks to fully recover—and the reputational damage and loss of customers could linger for years.

In contrast, the second case involved a small business that relied on personal computers to run its operations. The business had just installed an XDR service to monitor its systems. Shortly after midnight on a Saturday, the service detected a malware attempt from a remote office computer that was searching for point of sale (POS) systems, collecting network information and scraping the system for user names, passwords and email data.

As soon as analysts at the security operations center (SOC) discovered the threat, they immediately began cleaning up the malicious files and blocking further activity from the user profile. In contrast to the weeks of recovery that the retail store chain suffered through, the time from initial threat identification to complete containment took less than an hour with XDR.

Outsourced MDR and XDR Services for SMBs

If you don’t have the budget for, or interest in, paying for in-house cybersecurity expertise, outsourced MDR or XDR services can be a good way to elevate your SMB’s security posture because they:

  • Require little to no internal technology and staffing overhead
  • Cost far less than the salary of a single IT security employee
  • Give you immediate access to around-the-clock coverage from experienced cybersecurity analysts

It’s one thing not to recognize the threats facing your business. But it’s another thing entirely to understand the threats and do nothing to prevent them. In the case of MDR and XDR services, you can get the affordable protection you need without having to become a cybersecurity expert yourself.


Tom Callahan

Tom Callahan has spent more than 15 years in information technology and security, focusing on areas like cloud services, cybersecurity, infrastructure, and operations—including MDR and XDR. His background also includes business IT restructuring and retooling to support ongoing changes throughout information technology and security. Tom joined PDI through its December 2020 acquisition of ControlScan Managed Security Services. He holds a B.S. in Information Technology from Towson University. He’s also a Red Hat Certified Engineer (RHCE), Certified ScrumMaster, and an active member of the Mid-Atlantic CIO Forum.
