SolarWinds MSP recently released the results of its survey into the cybersecurity preparedness of businesses based on experiences of 400 SMBs and enterprises across the U.S. and the U.K.—you can read the blog post here for the full story.
In this series of posts we have been unpacking some of the most significant findings from the report. And to help companies, managed service providers (MSPs) and other IT professionals get a handle on growing security threats, we’ve highlighted seven areas from our survey where businesses need to improve to help boost their chances of not getting breached.
Last week we looked at how companies are being “Negligent” in the way they are applying security policies across the board. This week we focus on how too many companies are being “short sighted” in terms of balancing the cost of putting security in place.
One of the most striking findings from the survey is the cost of data breaches—on average $76,000 for SMBs and $939,000 for larger companies. This is something that organizations need to be taking into account when they are weighing up their cyber defenses.
Among the 400 respondents to our survey, we found that at most only six of the nine most typical cybersecurity technologies have been deployed to protect companies—and only by a minority of respondents.
The nine most typical cybersecurity technologies we looked at include:
The survey found that web protection, email scanning, and anti-malware had each been rolled out by 50–61% of respondents. Yet, of the remaining six technologies (including SIEM, firewall rules, and patch management), SIEM had been deployed by the most respondents (33%), and intrusion systems by the least (25%).
The interesting point here is that when we look at the most effective defense against cyber attacks for businesses; it’s layered security. This includes not just the paid-for technologies that you can put in place, but also all the things that you can do for free, such as hardening your endpoints, removing flash, controlling admin access and the like. MSPs and IT service providers should be using these free techniques as the baseline from which they can then add a technology stack. This way they can help their customers do more—and do more for free—to harden their networks against attack.
When it comes to moving up to the next level and employing paid-for techniques, you need to have a risk assessment framework in place. It is often not necessary to roll out everything to everyone. Companies will have different assets stored in different parts of the network or business; and it is important to know where those assets are. Tools like our own SolarWinds® MSP Risk Intelligence can help you pinpoint these and then plan accordingly.
For many companies, the short-sightedness around security stems from a lack of understanding of what they need to employ, and where. By combining a risk analysis with the average breach costs from our survey, as an MSP or IT service provider you are better placed to cost any solution against the cost to the business of not taking any action. It also enables you to provide a layered defense for a fraction of the cost by simply employing a global strategy without having to do detailed analysis of the company.
Next week’ blog post will look at how companies’ “Complacency” is affecting the security landscape.
Click here to find out more about how SolarWinds MSP can help you with your layered security.
© 2017 SolarWinds MSP UK Ltd. All rights reserved.