      Calculating the real dollar cost of risk for small business owners

      By Nick Cavalancia
      14 September, 2016

      In my last article (Calculating the dollar cost of risk with MAX Risk Intelligence), I outlined how organizations – big and small – can both identify and quantify risk by placing a dollar cost on that risk. This process, as defined by LOGICnow’s Risk Intelligence solution, calculates risk as a function of the amount of unprotected sensitive data, the average cost per record during a data breach and a score determining how vulnerable a given endpoint is. 

      For organizations with a dedicated security team, all this makes perfect sense. For the security professional, looking at the dollar cost of risk helps outline where their focus needs to be to reduce this risk. 

      But, what does this mean for the SMB?

      According to Cisco’s 2016 Annual Security Report, SMBs are still less secure than their Enterprise counterparts. They have no dedicated security team, they often use outdated hardware and security solutions and they lack the security protocols around intrusion and vulnerability protection – all of which leaves them prone to attack. 

      While the dollar cost of risk for an SMB may actually be lower than that of an enterprise, this cost needs to be put into perspective. Think about it – if there are fewer endpoints and fewer records than at, say, a company with 25,000 employees, the calculated dollar cost of risk will have fewer zeros at the end. The 25,000-employee company may have a risk dollar cost in the millions where the SMB’s risk is only measured in the thousands. However, it’s important to look at the dollar cost relative to both the size and revenue of the organization in question.

      Regardless of the specific value, if there is a dollar cost of risk for any given business, it reflects vulnerability, mismanagement of sensitive data and the dangerous potential mixture of the two should an external attack take place. 

      So, what steps should SMBs take to reduce the risk (and the associated dollar cost)?

      To answer this, let’s start by looking at how the dollar cost of risk is calculated: 

      # of unprotected records  x  cost per record  x  CVSS Score

      And remember this is calculated on a per-endpoint basis, as each endpoint, in essence, gets its own CVSS score. So, if you want to reduce your risk (as indicated by the risk dollar cost), you can simply work to reduce each of the three areas of risk outlined in the calculation:

      • Reduce the # of unprotected records
        Start by asking: “what constitutes an unprotected record?” Generally, the calculation dictates that it’s a record found on an endpoint rather than securely stored on a server. So, there are two things right there: 
        • have an inventory of all endpoints (so you’re aware of all the devices unprotected records can potentially exist on); 
        • and, consider implementing company policies that encourage users to not copy sensitive data to their endpoints. 
           
      • Reduce the cost/record
        OK, this one sounds strange. That’s industry data we’re talking about – how are you supposed to reduce that? Call up Ponemon and ask them to lower the number? While no one from Ponemon will return your calls, you can reduce the cost/record by reducing the access to costly data types. Now, the HR folks will always need to access social security numbers here in the US, but ensuring that data isn’t accessible by anyone else becomes important. Putting privileges in place to minimize access by accounts is a great first step. Remember, just because a record is sitting on an endpoint, doesn’t mean every user logging onto that endpoint can access it… provided you put some security in place to prevent it.
         
      • Reduce the CVSS score
        According to the Cisco report, Flash vulnerabilities continue to be a popular attack vector. Why? Because nobody updates their Flash to patch all the security vulnerabilities that exist. This is such an easy one for you all – it really just comes down to scanning and patching all your devices. I’m oversimplifying things a bit, but at the end of the day, the CVSS really just looks at a device and tells you just how vulnerable it is based on known vulnerabilities. Patched endpoint? Low CVSS score. Simple.
         
      • Reduce the number of unprotected endpoints
        While this one isn’t exactly part of the calculation, because the CVSS is endpoint-specific, it just makes sense that you begin to look beyond whether an endpoint is patched or not. Instead, look to protect it from the dangers of an external attacker gaining entry to it via malware-laden emails or websites, so that this never becomes a discussion around how many records are actually on a given machine. If an attacker can’t access it, it doesn’t matter anyway. Looking at email protection and even endpoint threat protection solutions is a great start to locking down an endpoint from ever being a victim.
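
The per-endpoint calculation and the levers above, worked through as an added example (not code from the article or from the Risk Intelligence product). The per-record costs, the inventory and the revenue figure are constructed, and scaling the CVSS score to 0-1 is an assumption, since the article does not say how the score is weighted.

```python
from dataclasses import dataclass, replace

# Constructed per-record costs by data type (placeholders, not industry figures).
COST_PER_RECORD = {"ssn": 200.0, "card": 150.0, "email": 5.0}

@dataclass(frozen=True)
class Endpoint:
    name: str
    records: dict  # data type -> unprotected records found on this endpoint
    cvss: float    # CVSS score assigned to this endpoint, 0.0-10.0

def endpoint_risk(ep):
    """# of unprotected records x cost per record x CVSS score, for one endpoint.
    Assumption: the score is scaled to 0-1 (cvss / 10) so it acts as a weight."""
    exposure = sum(n * COST_PER_RECORD[kind] for kind, n in ep.records.items())
    return exposure * ep.cvss / 10.0

def total_risk(endpoints):
    return sum(endpoint_risk(ep) for ep in endpoints)

def ranked(endpoints):
    """Endpoint names ordered by dollar risk, highest first."""
    return [ep.name for ep in sorted(endpoints, key=endpoint_risk, reverse=True)]

def patch(ep, new_cvss):
    """Lever: reduce the CVSS score by scanning and patching."""
    return replace(ep, cvss=new_cvss)

def remove_data_type(ep, kind):
    """Lever: take one costly data type out of the endpoint's unprotected records
    (moved to a server, or locked down so it is no longer exposed)."""
    return replace(ep, records={k: n for k, n in ep.records.items() if k != kind})

# Constructed inventory for a small business.
INVENTORY = [
    Endpoint("hr-laptop", {"ssn": 400, "email": 1000}, 9.0),
    Endpoint("sales-pc", {"card": 100, "email": 2000}, 6.0),
    Endpoint("frontdesk", {"email": 500}, 3.0),
]

if __name__ == "__main__":
    hr, rest = INVENTORY[0], INVENTORY[1:]
    revenue = 500_000  # constructed annual revenue
    for label, fleet in [("baseline", INVENTORY),
                         ("hr-laptop patched to 2.0", [patch(hr, 2.0)] + rest),
                         ("SSNs off hr-laptop", [remove_data_type(hr, "ssn")] + rest)]:
        risk = total_risk(fleet)
        print(f"{label:26} ${risk:>9,.0f}  {risk / revenue:6.1%} of revenue  {ranked(fleet)}")
```

Ranking the endpoints shows which single machine dominates the total, and dividing by revenue puts a figure in the thousands into the perspective the article asks for.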

      Keeping the SMB Risk Dollar Cost Down

      SMBs have a lot more to worry about than larger organizations. Some of the most basic tenets of IT security are rarely adhered to, making SMB networks prime targets for external attacks. The dollar cost of risk isn’t necessarily meant to be a wake-up call delivered by some massive number (although using a tool like MAX Risk Intelligence and getting a report with a whopper of a risk cost sure better get you out of your seat!). Instead, use the dollar cost the way enterprises do: as an outline of where to place your energies in order to reduce risk. By following the steps outlined in this article, you can effectively reduce each facet of risk that is used to calculate your organization’s dollar cost of risk. 

      Just because you’re an SMB doesn’t make you immune; it makes you a target. Do the math, and get cracking on clamping down on your dollar cost of risk.
