Cybersecurity is one of the biggest concerns — and areas of investment — for small and mid-size businesses (SMB) in recent years, a trend only accelerated by the global pandemic. But SMBs have unique security, budget, and other needs distinct from those of their larger enterprise counterparts. One size does not fit all.
The SMB market shifts
For too long, says Ori Arbel, CTO at cybersecurity platform Cyrebro, a lot of SMBs have not understood the difference between cyber insurance and cybersecurity or defense.
“They used to rely heavily upon being compliant. But it's like saying, ‘Hey, I'm going to the doctor. I'm healthy now. Do I still need to work out? Eat my vegetables?’ That concept of compliance being good enough doesn't fly anymore.”
Arbel has seen that assumption starting to change, though — and that’s where Cyrebro saw an opportunity. The company began creating systems for Fortune 500 or Fortune 1,000 companies. But they quickly saw a market opportunity arising in the SMB space.
“The goal here is to level the playing field somewhat when it comes to the SMB market. They were neglected for a very long time when it came to security. We came up with the concept of Cyrebro to bring enterprise-level security to the SMB world.”
There’s a big opportunity here because Arbel points out that 80 percent of the market is made of SMBs, for starters. But their risks were also growing — and in a space that traditionally might have had limited or no cybersecurity software or platforms currently in use.
A wake-up call
Arbel says that just a few years ago, many small and mid-size businesses didn’t seek out cybersecurity solutions. Some of that might have been because of budget, but many, he says, also felt like it wasn’t necessary.
“‘If I'm a law firm out of Boston with 50 people, who's going to be interested in attacking me?’” was the line of reasoning, Arbel explains. “That's just completely misunderstood because most of the attacks unless they're government funded, they're not targeting this or that. They're targeting a specific technology set. And if that law firm out of Boston happens to have a server that is using this machinery that happens to be vulnerable, that's it. And that's no laughing matter.”
While SMBs tend to be very resilient in a lot of ways, a major cybersecurity attack that damages trust could have much bigger aftershocks at a smaller company.
“The Boston law firm is not going to recover like, say, Coca-Cola. Yeah, Coca-Cola will be hit, and they will lose a lot of money. And it's embarrassing and bad publicity. Coca-Cola is going to be there the next day. The law firm, not necessarily. So they started realizing that, hey, guys, we need those tools. We need the coverage.”
Increasing number of attacks
“Logically, security is not a moneymaker,” Arbel says. “It’s 100% expense and 0% income that comes from security. So why would anybody invest in security?”
One reason is COVID.
Since COVID began, there’s been a boom in the demand for SMB cybersecurity solutions – even if it doesn’t immediately make sense from a budget perspective if companies were cutting back on expenses. But the risk and growing number of attacks outweigh the previously held beliefs around cybersecurity being an unnecessary cost and pushing people to invest.
“During COVID, we started seeing a lot more foot traffic in the attack world. There are hackers that are bored at home, and they have all the time in the world now to sit down and play and find exploits and vulnerabilities and put all their time and effort into attacking. So, the numbers went up,” Arbel added.
Finding the right cybersecurity solutions for your business
Small and mid-size businesses have unique needs when it comes to cybersecurity. They might outsource for a number of reasons. It might be hard to pay for a 24/7/365 in-house team, for starters – especially as the labor market tightens. They might not have the monetary, physical space, or human resources needed to do a good job on their own.
And cybersecurity professionals working with SMBs have to adapt how they work and what they work with for different-sized businesses in different industries.
“[SMBs] have a different technology stack from the enterprise world. With that comes a different skill set and a different set of systems. That's a big differentiator,” Arbel says.
But, Arbel says, creating a secure environment is like piecing together a puzzle. And small and mid-size business leaders don’t necessarily have the time and budget to build a perfect puzzle.
As we settle into the new reality of a more fully remote or hybrid work world, IT teams must secure a highly fluid workforce. With endpoints everywhere and on different networks, traditional, on-premises security measures no longer offer the best protection.
Most will want to outsource. Whether you build a system from the ground up, integrate existing software and platforms, or use secure cloud-based tools, utilizing third-party partners takes a load off many SMB IT leaders and CEOs at a time when every dollar must go farther, and one slip-up can have disastrous effects.