SMBs

Online Gaming Risks and Kids: What to Know and How to Protect Them

Online games aren’t new. Consumers have been playing them since as early as 1960. However, the market is evolving—games that used to require the computing power of dedicated desktops can now be powered by smartphones, and online gaming participation has skyrocketed....

STEM for Kids: Why Does it Matter?

You have probably seen or heard news reports about STEM education (Science, Technology, Engineering, and Math), and how important STEM jobs are for the economy; or maybe you’ve heard reports on schools that are making strides to improve their STEM programs for...

Keeping Your Vehicle Secure Against Smart Car Hacks

An unfortunate reality of all smart devices is that, the smarter they get, and the more integrated into our lives they become, the more devastating a security breach can be. Smart cars are no exception. On the contrary, they come with their own specific set of...

Thoughtful Design in the Age of Cybersecurity AI

AI and machine learning offer tremendous promise for humanity in terms of helping us make sense of Big Data. But, while the processing power of these tools is integral for understanding trends and predicting threats, it’s not sufficient on its own. Thoughtful design...

Cybersecurity in Schools: What Families Need to Know

Our kids are more connected than any previous generation. From the moment they wake up, they have an instant connection to the internet through phones, tablets, and laptops. The internet is also now an important part of their learning experience, and many parents...

Out from the Shadows: The Dark Web

You’ve likely heard of the dark web. This ominous sounding shadow internet rose in prominence alongside cryptocurrencies in the early 2010s, eventually becoming such an ingrained part of our cultural zeitgeist that it even received its own feature on an episode of Law...

A Cybersecurity Guide for Digital Nomads

Technology has unlocked a new type of worker, unlike any we have seen before—the digital nomad. Digital nomads are people who use technologies like WiFi, smart devices, and cloud-based applications to work from wherever they please. For some digital nomads, this means...

5 Must-Haves When Working Outside the Office

Reading Time: ~ 3 min.

When you’re running a business, it’s important to stay connected, whether you’re in the office or not. Modern technology has made this easier than ever, ensuring you can answer emails and stay on top of tasks in hotels, coffee shops, wherever. Social media influencer and serial entrepreneur Gary Vaynerchuk has even said, “The airplane is disproportionately the place where I get the most tangible amount of work done.” 

But if you’re going to get anything done outside the office or on the road, there are a few essentials to have on hand. Here are five must-haves to make sure you are prepared and productive.

#1 Protect Your Devices and Your Data

No, this is not at the top just because you’re reading this on a security blog. Anytime you’re accessing the internet in a hotel, coffee shop, or other public space, your data and devices are at risk. While security may not be at the top of your list of concerns, a whopping 58% of data breaches happen to SMBs, and 60% of those who are attacked fold within 6 months.

This is why security, at the very least endpoint security, should be your number one consideration when working on the go. But not all endpoint security solutions are created equal.

Explore fast and effective endpoint security designed for business.

Modern endpoint security is cloud-based, lightweight (won’t slow your device down), and is powered by 24/7 threat intelligence to make sure you are protected against all known threats. In fact, some do what is known as “journaling” when they encounter an unknown threat so if it is deemed malicious, every action the malware took can be rolled back, step by step.

It’s also worth considering implementing a VPN to secure your connection to your office software and data as well as secure your communications with colleagues. Public WiFi is a favorite target of malicious attacks, including man-in-the-middle attacks, so the more you can anonymize your activity, the better.

#2 Stay Connected

When you’re on the road, there’s no guarantee that you’ll have reliable WiFi. Coffee shop WiFi can vary depending on how many people are using it, and hotel WiFi often costs money. To make sure you can always stay connected to high-quality WiFi, you’ll want to invest in a mobile WiFi device, which will work much better than using your smartphone as a hotspot. Plus, using a mobile WiFi device will help save your phone battery and will free it up for any phone calls you need to make. 

In addition, by using your own WiFi hotspot, you will avoid some of the security risks that come from using public WiFi

#3 Stay Charged

The last thing you want when working on the go is for your devices to run out of battery. Of course, you must remember to bring your basic laptop and smartphone chargers. However, you might not always have convenient access to an outlet. In which case, you’re going to want to bring a portable charger. Smartphones and laptops have different battery needs so you might want to get a portable charger for each.

Here is a list of the top portable chargers for smartphones and another for the top power banks for your laptop.

#4 Stay in the Zone

If you’re out of the office, chances are it might be more difficult to find some peace and quiet. Because of this, you’ll want to make sure you have a good set of headphones to help you get in the zone. 

If you’re choosing headphones, you’ll need to consider whether you want to go with over-the-ear or in-ear models. Over-the-ear models tend to have higher sound quality and better noise canceling features, but there are a variety of high-quality earbuds these days that may be easier to travel with. Whichever you go with, they’ll be useless without productivity-enhancing music to go along with them.

study published on the psychology of music found that those who listened to music completed their tasks more quickly and experienced better creativity. If you want to make your own playlist, it’s largely accepted that classical and other instrumental types of music work best for productivity. However, there are a variety of curated work playlists already in existence that you could use.

#5 Travel with the Right Bag

Now that you have your laptop, smartphone, chargers, portable batteries, headphones, and WiFi hotspot, you’ll need a way to carry it all around. But not just any bag will do. Since you’re traveling, you’ll want something that is compact, organized, and comfortable to carry, even if it’s heavy.

While the briefcase is a classic, it is not very efficient and can be cumbersome when also trying to carry coffee or talk on the phone. Backpacks are definitely the way to go if you want to carry everything comfortably while keeping your hands free. Just make sure to choose a bag made of durable materials with adequately wide and cushioned straps. The last thing you want in a bag is one you wince at the thought of carrying again after a long day.

Smishing Explained: What It Is and How to Prevent It

Reading Time: ~ 3 min.

Do you remember the last time you’ve interacted with a brand, political cause, or fundraising campaign via text message? Have you noticed these communications occurring more frequently as of late?

It’s no accident. Whereas marketers and communications professionals can’t count on email opens or users accepting push notifications from apps, they’re well aware that around 98% of SMS messages are read within seconds of being received

Click here to see how 9 top endpoint security products perform against 15 efficiency benchmarks in the 2019 PassMark Report

As with any development in how we communicate, the rise in brand-related text messaging has attracted scammers looking to profit. Hence we arrive at a funny new word in the cybersecurity lexicon, “smishing.” Mathematical minds might understand it better represented by the following equation:

SMS + Phishing = Smishing

For the rest of us, smishing is the act of using text messages to trick individuals into divulging sensitive information, visiting a risky site, or downloading a malicious app onto a smartphone. These often benign seeming messages might ask you to confirm banking details, verify account information, or subscribe to an email newsletter via a link delivered by SMS.

As with phishing emails, the end goal is to trick a user into an action that plays into the hands of cybercriminals. Shockingly, smishing campaigns often closely follow natural disasters as scammers try to prey on the charitable to divert funds into their own pockets.

Smishing vs Vishing vs Phishing

If you’re at all concerned with the latest techniques cybercriminals are using to defraud their victims, your vocabulary may be running over with terms for the newest tactics. Here’s a brief refresher to help keep them straight.

  • Smishing, as described above, uses text messages to extract the sought after information. Different smishing techniques are discussed below.
  • Vishing is when a fraudulent actor calls a victim pretending to be from a reputable organization and tries to extract personal information, such as banking or credit card information.
  • Phishing is any type of social engineering attack aimed at getting a victim to voluntarily turn over valuable information by pretending to be a legitimate source. Both smishing and vishing are variations of this tactic.

Examples of Smishing Techniques

Enterprising scammers have devised a number of methods for smishing smartphone users. Here are a few popular techniques to be aware of:

  • Sending a link that triggers the downloading of a malicious app. Clicks can trigger automatic downloads on smartphones the same way they can on desktop internet browsers. In smishing campaigns, these apps are often designed to track your keystrokes, steal your identity, cede control of your phone to hackers, or encrypt the files on your phone and hold them for ransom.
  • Linking to information-capturing forms. In the same way many email phishing campaigns aim to direct their victims to online forms where their information can be stolen, this technique uses text messages to do the same. Once a user has clicked on the link and been redirected, any information entered into the form can be read and misused by scammers.
  • Targeting users with personal information. In a variation of spear phishing, committed smishers may research a user’s social media activity in order to entice their target with highly personalized bait text messages. The end goal is the same as any phishing attack, but it’s important to know that these scammers do sometimes come armed with your personal information to give their ruse a real feel.
  • Referrals to tech support. Again, this technique is a variation on the classic tech support scam, or it could be thought of as the “vish via smish.” An SMS message will instruct the recipient to contact a customer support line via a number that’s provided. Once on the line, the scammer will try to pry information from the caller by pretending to be a legitimate customer service representative. 

How to Prevent Smishing

For all the conveniences technology has bestowed upon us, it’s also opened us up to more ways to be ripped off. But if a text message from an unknown number promising to rid you of mortgage debt (but only if you act fast) raises your suspicion, then you’re already on the right track to avoiding falling for smishing.

Here are a few other best practices for frustrating these attacks:

  • Look for all the same signs you would if you were concerned an email was a phishing attempt: 1) Check for spelling errors and grammar mistakes, 2) Visit the sender’s website itself rather than providing information in the message, and 3) Verify the sender’s telephone address to make sure it matches that of the company it purports to belong to.
  • Never provide financial or payment information on anything other than the trusted website itself.
  • Don’t click on links from unknown senders or those you do not trust
  • Be wary of “act fast,” “sign up now,” or other pushy and too-good-to-be-true offers.
  • Always type web addresses in a browser rather than clicking on the link.
  • Install a mobile-compatible antivirus on your smart devices.

A Cybersecurity Checklist for Modern SMBs

Reading Time: ~ 5 min.

The landscape of digital security is rapidly shifting, and even the largest tech giants are scrambling to keep up with new data regulations and cybersecurity threats. Small to medium-sized businesses (SMBs) are often left out of these important conversations, leaving themselves — and their users — vulnerable. In an effort to combat this trend, Webroot conducted a survey of more than 500 SMB IT leaders in the UK, revealing common blind spots in SMB cybersecurity practices. As businesses around the globe grapple with similar change, our Size Does Matter: Small Businesses and Cybersecurity report offers insight and guidance for companies regardless of geography. 

The biggest takeaway? We turned to Webroot’s Senior Director of Product Strategy Paul Barnes for his thoughts.

“The damage from data loss or downtime often means substantial financial and reputational losses, sometimes even leading to a business no longer being viable. A key learning for all small businesses should be to stop hiding behind your size. Instead, become educated in the risks and make your security posture a differentiator and business driver.”

When you’re putting together a cybersecurity checklist, you’ll need to do one thing first: check your preconceived notions about SMB cybersecurity at the door. Your business is not too small to be targeted. The data you collect is both valuable and likely vulnerable, and a costly data breach could shutter your business. More than 70% of cyberattacks target small businesses, with 60% of those going out of business within six months following their breach. With both the threat of hackers and the looming possibility of increased GDPR-style data regulatory fines, your small business cannot afford to be underprepared.

The first step to a fully realized cybersecurity program? An unflinching look at your company’s resources and risk factors.

“Understand what you have, from a technology and people perspective, and the risks associated with loss of data or operations, whether through externally initiated attacks or inside threats,” advised Barnes. “This will allow you to plan and prioritise next steps for protecting your business from attack.”

For established SMBs, this type of internal review may seem overwhelming; with so many employees already wearing so many hats, who should champion this type of effort? Any small business that is preparing to modernize its cybersecurity protocols should consider bringing in a managed service provider (MSP) to do an internal audit of its systems and to report on the company’s weaknesses and strengths. This audit should serve as the backbone of your cybersecurity reform efforts and — depending on the MSP — may even give you a security certificate that can be used for marketing purposes to differentiate your brand from competitors.

With a strong understanding of your company’s strengths and weaknesses, you can begin to implement an actionable cybersecurity checklist that will scale as you grow, keeping your business ahead of the data security curve. Each SMB’s checklist will be unique, but these best practices will be integrated into any successful cybersecurity strategy.

Continuous Education on the Latest Threats

A majority of small to medium-sized businesses rely on software systems that are constantly evolving, closing old security gaps while potentially opening new ones. With a tech landscape in constant flux, one-off security training will never be enough to truly protect your business. Comprehensive employee training that evolves alongside cybersecurity threats and data privacy regulations are your company’s first line of cybersecurity defense. Include phishing prevention practices in these trainings as well. Although seemingly old hat, phishing attacks are also evolving and remain one of the largest causes of data breaches globally. Continuous training of employees helps build a culture of security where they feel part of the team and its success. 

Regular Risk Assessment and Security Audits

Just as one-off training is not sufficient in keeping your staff informed, a one-off audit does nothing to continuously protect your company as it grows. Depending on your industry, these audits should take place at least annually, and are the best way to detect a security flaw before it is exploited. Factors such as the sensitivity of the data your business houses, and the likely impacts of a successful breach—your risk profile—should guide decisions regarding the frequency of these security audits.

Disaster Response Plan

Having a prepared disaster response plan is the most effective way to mitigate your losses during a data security breach. Backup and recovery tactics are critical components of this plan. It should also include a list of security consultants to contact in order to repair the breach, as well as a communications plan that notifies customers, staff, and the public in accordance with data protection regulations. An MSP can work with your company to provide a disaster response plan that is customized to your business’ specific needs.

Bring Your Own Device

Never scrimp on mobile security. Many companies now tolerate some degree of bring-your-own-device (BYOD) policy, giving employees increased convenience and employer accessibility. But convenience is a compromise and, whether it be from everyday theft or a malicious app, mobile devices are a weak point in many company’s security. Including mobile security guidelines like automatic device lock requirements, strong password guidelines, and failsafe remote wipe access in your BYOD policies will save your company money, time, and heartache.

Layer Your Security

Finally, ensure your business has multiple layers of defense in place. Accounting for endpoint devices is no less critical than it’s always been, but businesses are increasingly learning that networks and users need protection, too. DNS-layer security can keep employees from inviting risky sites onto your network, and security awareness training will help your users recognize signs of an attack. No one solution is a panacea, but tiered defenses make a business more resilient against cybercrime.

Survey says: We don’t have time for this

One of the largest impediments to SMBs adopting these modern cybersecurity protocols is the perceived time cost, with two-fifths of IT leaders surveyed by Webroot stating they simply do not have the time or resources to fully understand cybersecurity threats. The uncomfortable truth is that, if you can’t find the time to protect your data, a hacker whodoes have the time is likely to find and exploit your security gaps. But there is a silver-lining, the smaller size of an SMB actually allows for a certain level of agility and adaptiveness when implementing cybersecurity policies that is inaccessible to tech giants.

“SMBs can no longer consider themselves too small to be targets. They need to use their nimble size to their advantage by quickly identifying risks and educating employees on risk mitigation, because people will always be the first line of defense,” said Barnes.

You’ll find additional benefits beyond the base-level protection a comprehensive cybersecurity plan provides. As 33% of SMBs surveyed by Webroot say they prefer not to think about cybersecurity at all, demonstrating that your company is ahead of the problem can be a powerful way to distinguish your business from its competitors. With consumer data privacy concerns at an all-time high, a modern cybersecurity checklist may be one of the best marketing tools available. The best way to stay ahead of cybersecurity threats is to stay informed. Read the entire Size Does Matter: Small Businesses and Cybersecurity report for an in-depth look at how your SMB contemporaries are handling data protection, and stay up-to-date with Webroot for additional cybersecurity reports and resources.

Top 5 Things SMBs Should Consider When Evaluating a Cybersecurity Strategy

Reading Time: ~ 3 min.

SMBs are overconfident about their cybersecurity posture.

A survey of SMBs conducted by 451 Research found that in the preceding 24 months, 71% of respondents experienced a breach or attack that resulted in operational disruption, reputational damage, significant financial losses or regulatory penalties. At the same time, 49% of the SMBs surveyed said that cybersecurity is a low priority for their business, and 90% believe they have the appropriate security technologies in place. Clearly, SMBs are not correctly evaluating cybersecurity risk.

Many of us can relate – each day we ignore obvious signs that point to a reality that is in direct contrast to our beliefs. For example, as each year passes, most of us get a little slower, muscles ache that never ached before, we get a bit softer around the middle, and we hold our reading material farther away. Yet, we are convinced we could take on an NBA player in a game of one-on-one or complete the American Ninja Warrior obstacle course on the first try. 

While it’s unlikely that most of us can make the improvements needed to compete with elite athletes, the same can’t be said for enterprise cybersecurity. The journey is not an easy one given the security talent vacuum, a lack of domain understanding at the executive level, and the complexity of implementing a long-term, metric-based strategy. But, if you are an SMB struggling to run up and down the proverbial court, here are five things you should consider when building a better security practice:

1.   Experienced staff are valuable, but expensive, assets. 

Although enterprise cybersecurity is a 24/7/365 effort requiring a full roster of experienced professionals, many SMB cybersecurity teams are underequipped to handle the constant deluge of alert notifications, let alone the investigation or remediation processes. In fact, only 23% of survey respondents plan to add staff to their security teams in the coming year. For many SMBs, the security staffing struggles may get worse as 87% reported difficulties in retaining existing security professionals. To fill this gap, SMBs are increasingly turning to MSPs and MSSPs to provide the expertise and resources needed to protect their organizations around the clock.

2.   Executives understand what is at stake, but not what action to take. 

As the threat landscape becomes more treacherous, regulatory requirements multiply, and security incidents become more common, executives at SMBs have become more acutely aware of the business impact of security incidents – most are feeling an urgency to strengthen organizational cybersecurity. However, acknowledging the problem is only the first step of the process. Executives need to interface with their internal security teams, industry experts and MSPs in order to fully understand their organization’s risk portfolio and design a long-term cybersecurity strategy that integrates with business objectives.

3.   Security awareness training (SAT) is low-hanging fruit (if done right). 

According to the 451 Research Voice of the Enterprise: Information Security: Workloads and Key Projects survey, 62% of SMBs said they have a SAT program in place, but 50% are delivering SAT on their own using ‘homegrown’ methods and materials. It should be no surprise that many SMBs described their SAT efforts as ineffective. MSPs are increasingly offering high-quality, comprehensive SAT for a variety of compliance and regulatory frameworks such as PCI-DSS, HIPAA, SOX, ISO, GDPR and GLBA. SMBs looking to strengthen their security posture should look to partner with these MSPs for security awareness training.

4.   Securing now means securing for the future. 

The future of IT architecture will span both private and public clouds. This hybrid- and multi-cloud infrastructure represents a significant challenge for SMBs that require a cybersecurity posture that is both layered and scalable. SMBs need to understand and consider long-term trends when evaluating their current cybersecurity strategy. With this aim in mind, SMBs can turn to MSPs and MSSPs with the experience and toolsets necessary for securing these types of complex environments. 

5.   A metrics-based security approach is needed for true accountability. 

In a rush to shore up organizational security, SMBs might make the all-too-common mistake of equating money spent with security gained. To be clear: spending not backed by strategy and measurement only enhances security posture on the margins, if at all. To get the most bang for each buck, SMBs need to build an accountable security system predicated on quantifiable metrics.Again, this is an area where SMBs can partner with MSPs and MSSPs. This serves as an opportunity to develop cybersecurity strategy with measurable KPIs to ensure security gains are maintained over time. MSPs can help SMBs define the most applicable variables for their IT architectures, whether it be incident response rate, time-to-response or other relevant metrics.

The strategic reevaluation of organizational security is a daunting task for any organization, but given the risks SMBs face and their tendency to be underprepared, it is a necessary challenge. These key points of consideration for SMBs embarking on this critical journey underscore the importance of building an accountable and forward-looking security system and highlight the ways in which SMBs can work alongside MSP or MSSP partners to implement the right cybersecurity system for their organizations. I hope this will be the wake-up call all SMBs need to unleash their inner cybersecurity all-star.

If you’re interested in learning more about how other SMBs are approaching cybersecurity, read my report Security Services Fueling Growth for MSPs.

Reducing Risk with Ongoing Cybersecurity Awareness Training

Reading Time: ~ 3 min.Threat researchers and other cybersecurity industry analysts spend much of their time trying to anticipate the next major malware strain or exploit with the potential to cause millions of dollars in damage, disrupt global commerce, or put individuals at physical risk by targeting critical infrastructure.

However, a new Webroot survey of principals at 500 small to medium-sized businesses (SMBs), suggests that phishing attacks and other forms of social engineering actually represent the most real and immediate threat to the health of their business.

Twenty-four percent of SMBs consider phishing scams as their most significant threat, the highest for any single method of attack, and ahead of ransomware at 19 percent.

Statistics released by the FBI this past summer in its 2017 Internet Crime Report reinforce the scope of the problem. Costing nearly $30 million in total losses last year, phishing and other social engineering attacks were the third leading crime by volume of complaints, behind only personal data breaches and non-payment/non-delivery of services. Verizon Wireless’s 2018 Data Breach Investigations Report, a thorough and well-researched annual study we cite often, blames 93 percent of successful breaches on phishing and pretexting, another social engineering tactic.

Cybersecurity Awareness Training as the Way Forward

So how are businesses responding? In short, not well.

24 percent of principals see phishing scams as the number one threat facing their business. Only 35 percent are doing something about it with cybersecurity awareness training.

One of the more insidious aspects of phishing as a method of attack is that even some otherwise strong email security gateways, network firewalls and endpoint security solutions are often unable to stop it. The tallest walls in the world won’t protect you when your users give away the keys to the castle. And that’s exactly what happens in a successful phishing scam.

Despite this, our survey found that 65 percent of SMBs reported having no employee training on cybersecurity best practices. So far in 2018, World Cup phishing scams, compromised MailChimp accounts, and opportunist GDPR hoaxers have all experienced some success, among many others.

So, can training change user behavior to stop handing over the keys to the castle? Yes! Cybersecurity awareness training, when it includes features like realistic phishing simulations and engaging, topical content, can elevate the security IQ of users, reducing user error and improving the organization’s security posture along the way.

The research and advisory firm Gartner maintains that applied examples of cybersecurity awareness training easily justify its costs. According to their data, untrained users click on 90 percent of the links within emails received from outside email addresses, causing 10,000 malware infections within a single year. By their calculations, these infections led to an overall loss of productivity of 15,000 hours per year. Assuming an average wage of $85/hr, lost productive costs reach $1,275,000 which does not necessarily account for other potential costs such as reputational damage, remediation cost, or fines associated with breaches.

One premium managed IT firm conducted its first wave of phishing simulation tests and found their failure rate to be approximately 18 percent. But after two to three rounds of training, they saw the rate drop to a much healthier 3 percent.1

And it’s not just phishing attacks users must be trained to identify. Only 20 percent of the SMBs in our survey enforced strong password management. Ransomware also remains a significant threat, and there are technological aspects to regulatory compliance that users are rarely fully trained on. Even the most basic educational courses on these threats would go a long way toward bolstering a user’s security IQ and the organizations cybersecurity posture.

Finding after finding suggests that training on cybersecurity best practices produces results. When implemented as part of a layered cybersecurity strategy, cybersecurity awareness training improves SMB security by reducing the risks of end-user hacking and creating a workforce of cyber-savvy end users with the tools they need to defend themselves from threats.

All that remains to be seen is whether a business will act in time to protect against their next phishing attack and prevent a potentially catastrophic breach.

You can access the findings of our SMB Pulse Survey here.

1 Webroot. “Why Security Awareness Training is an Essential Part of Your Security Strategy” (November, 2018)

Top 3 Questions SMBs Should Ask Potential Service Providers

Reading Time: ~ 1 min.

It can be daunting to step into the often unfamiliar world of security, where you can at times be inundated with technical jargon (and where you face real consequences for making the wrong decision). Employing `

In a study performed by Ponemon Institute, 34% of respondents reported using a managed service provider (MSP) or managed security service provider (MSSP) to handle their cybersecurity, citing their lack of personnel, budget, and confidence with security technologies as driving factors. But how do you find a trustworthy partner to manage your IT matters?

Here are the top 3 questions any business should ask a potential security provider before signing a contract:

 

 

 

 

 

While these are not all of the questions you should consider asking a potential service provider, they can help get the conversation started and ensure you only work with service providers who meet your unique needsservice providers who meet your unique nee.

  1. Ponemon Institute. (2016, June). Retrieved from Ponemon Research: https://signup.keepersecurity.com/state-of-smb-cybersecurity-report/
  2. Ponemon Institute Cost of Data Breach Study: (2017 June) https://www.ibm.com/security/data-breach

Webroot’s 2015 SMB Threat Report: An Analysis

Reading Time: ~ 3 min.Recently, Webroot published 2015 SMB Threat Report: Are organizations completely ready to stop cyberattacks?, which included the results from a survey of 700 SMB decision makers worldwide about their IT security, their readiness for security response, and use of MSP recourses in their environment.

Many SMBs are outsourcing cybersecurity to managed services providers (MSPs) to make up for the lack of time and in-house expertise. According to the report, 81% of respondents agreed such outsourcing would improve their bandwidth for addressing other tasks. With the majority of SMBs surveyed planning to increase their cybersecurity budget in 2016, VARs across a broad variety of industries are beginning to embrace this service-centric relationship with their clients. For customers, choosing to work with an MSP means they avoid installation and maintenance headaches. They also avoid diverting resources towards laborious IT security support tasks or ad hoc break/fix reseller charges.

smb1

Although SMBs appear more aware of cybersecurity-related risks to their organizations, many are still unsure or under-informed about their own readiness to handle such risks even with heavy investments of time into protecting the environments. Incredibly, even with 56% of respondents reporting over 17 hours spent on cybersecurity, 44% are still feeling they have less time to stay up-to-date on threats.

smb2

smb3

Just 37% of IT decision makers surveyed in the US, the UK, and Australia believe their organizations are completely ready to manage IT security and protect against threats. While I am not entirely surprised given the considerable cybersecurity challenges SMBs face, but it’s still an alarmingly low number.

On the flip side, when asked how confident IT decision makers would be that someone on their staff could deal with a cyberattack, a surprising 84% responded confidently. Given the other responses to this survey, this was unexpected and indicates a discrepancy and possible misperception of IT resources, knowledge, and capability to thoroughly address a cyberattack.

smb4

Webroot’s SMB Threat Report makes it clear that the future of security is in need of some change with IT decision makers are stretched thin. In the near future, we should expect a continued movement towards “outsourced IT,” particularly on the cybersecurity front. According to the survey, 81% of respondents believe outsourcing IT solutions would increase their bandwidth to address other areas of their business. In order to reap the full array of benefits, though, IT decision makers must be proactive about identifying MSPs that offer “intelligent cybersecurity” solutions.

Our definition of intelligent? Solutions that are easy to install, can be managed remotely, and provide real-time protection against modern threats. While these are all important qualifications, we expect SMBs to place an increased premium on the “real-time” component.