Unless they are targeting you for reasons such as those that are political, cyber adversaries don’t care who you are. Size doesn’t really matter. Small and midmarket organisations (SMBs) are seen as just as valid targets as their larger counterparts—they store and process valuable information, and can provide a conduit into larger enterprises that they do business with—but they have historically not had the same access to effective security tools as corporates.
According to data from ConnectWise, 76% of SMBs suffered at least one cyber attack in 2022, up from 55% in 2020. Two-thirds admit that they do not have sufficient skills in-house to effectively deal with cybersecurity issues. Because of these issues, 78% of SMBs say that they are set to increase cybersecurity investments in the short term. Choosing security products to fix a problem in isolation is complex and expensive, with many offering overlapping functionality to some extent. Yet, for many SMBs there was really no alternative as many vendors focused on providing product suites for the larger enterprises.
An alternative to point products is sorely needed: integrated platforms
As organisations of all sizes extend their network boundaries, their attack surfaces expand dramatically. Email, web and cloud applications are among the main attack vectors, but investing in point products to secure each vector is likely to expose security gaps if the products don’t adequately talk to each other. Valuable security event data from each product may well be not comparable, leading to the big picture being missed—especially since many attacks are aimed at more than one threat vector.
Another capability that should be included in the platform is data loss prevention (DLP). DLP provides a barrier that prevents sensitive data being leaked outside the organisation, especially by insiders with network access, whether their actions are benign or malicious.
Increasingly, vendors of integrated platforms are incorporating extended detection and response (XDR), often through partnerships. These enable monitoring of network traffic flows to provide a more rounded defence.
What is needed is a consolidated security platform that is broad, comprehensive, autonomous and deeply integrated. An ideal combination of capabilities will include email, web and cloud application protection, the latter via a cloud access security broker (CASB).
Incorporating identity tools is a growing necessity since gaining access to user credentials, especially those that come with privileged access rights, is a favoured attack method for adversaries. CASB tools should be integrated with single sign-on tools and multifactor authentication. Tightly integrated, these form the basis of an identity as a service (IDaaS) solution. This will also help organisations in their quest to achieve zero trust, whereby no user or device is automatically trusted, but constantly checked for veracity. Zero trust will help organisations on their journeys to digital transformation, which many organisations of all sizes are embarking on.
The importance of context
Where tools are tightly integrated into one platform, the context behind events observed provides a clearer picture of what is happening on the network. Such contextual information will provide insight into who is doing what with what device, where the threat is coming from and what actions should be taken for the most effective response. Through built-in threat intelligence capabilities, information regarding threats being seen in the real world will help to make sense of the contextual information.
Other capabilities to look for include the incorporation of behavioural analysis and machine learning. This combination of capabilities helps to build a picture of patterns of behaviour so that it is easier to see what is out of line of what is to be expected, for example according to the role of the user, and what is considered to be normal. Risk scores generated from this analysis will enable investigation into the most critical events to be prioritised.
A level playing field for the midmarket
Midmarket organisations that are often strapped in terms of budget and experienced security practitioners will particularly benefit from integrated security platforms. Provided from the cloud as a service, they are easier to set up, manage, maintain and use. The service provider manages such tasks on behalf of all customers, including updates that are sent out automatically to all customers without the need for intervention on the part of the customer.
Since they are cloud based, the services provided by the platform can be accessed regardless of the device used or location of the user. Thus, the same experience is provided for remote workers, which virtually every organisation now caters to.
By subscribing to a comprehensive and integrated security platform service, midmarket organisations will be afforded very high levels of security, giving them peace of mind that their bases are covered. They will better be able to achieve more effective detection and response, alongside ensuring that their compliance objectives such as data protection are met. And all this with less cost and complexity than has traditionally been available to them.