Security

Security as a Service: Should Small Businesses Outsource Cybersecurity?

With the security landscape changing at an alarming rate, it’s time for SMBs to consider new options.

Donna Marbury is a journalist and award-winning social media and content strategist specializing in healthcare, technology, smart cities and culture.

Since the onset of COVID-19, many small businesses have put cybersecurity strategies and upgrades on the back burner. More employees are working from home, and small businesses are relying on at-home networks to protect sensitive information. This has left organizations vulnerable to a range of cyberattacks, including phishing, invasive malware and password thefts.

Between July and October 2020, there were more than 3.3 million network attacks — a 90 percent increase over the same period in 2019, according to an internet security report by WatchGuard Technologies. Regardless of a business’s size, a single cyberattack can cost at least $200,000, according to the 2019 Hiscox Cyber Readiness Report. Sixty percent of businesses shut their doors permanently after being attacked.

“The pandemic hasn’t changed these risks — it’s just changed how malicious actors target or focus them,” says Corey Nachreiner, WatchGuard Technologies CTO. “Sophisticated malware existed and grew before the pandemic, but now we see attackers specifically targeting home users more and office networks less, as they realize many of the employees and people who might fall for malware are now more likely to be at home.”

Outsourcing cybersecurity through Security as a Service, a subscription-based security service that can give small businesses access to corporate-level cyberprotection for a fraction of the cost, is becoming a viable solution as cybersecurity threats continue to grow.

The Benefits of Security as a Service

Adopting Security as a Service not only gives small businesses access to enhanced solutions, it also helps them streamline IT costs, as one service provider can manage expensive software licenses and hardware, staff, training and cloud storage.

“One of the top benefits of these products is that they offer protection wherever you are and, often, regardless of what platform you are using,” Nachreiner says. “You often don’t need a specific local network device to use Security as a Service products.”

As market demand grows for Security as a Service providers, the Cloud Security Alliance notes that identifying vendors and services they provide has become complex and confusing. The organization lists the top Security as a Service offerings, including a range of products and services, such as:

Network and device monitoring and security
Anti-virus management
Encryption
Email, and link scanning and monitoring
Security awareness training for employees
Identity and access management
Security information and event management
Business continuity and disaster recovery
Data loss prevention

Many Security as a Service products are developed by managed security service providers that procure or license enterprise level security toolsets that can monitor, prevent, notify and react to potential threats. MSSPs can be vital for small businesses, which often don’t have the budget to hire an IT person, let alone a security expert. In addition, these toolsets, combined with the security expertise of those working at the MSSP, can keep devices of all types up to date with security patches.

Finding the Right Security as a Service Provider

Though there are many benefits to using a Security as a Service provider, it is also important to make sure vendors can cover what your company needs and offer evolving support. When researching a cybersecurity provider, Forcepoint offers these tips before onboarding a new provider:

Ensure security policies and certificates are valid — an important step to make before hiring a security vendor.
Look for providers that offer 24/7 network monitoring and guaranteed response times.
Create a plan to manage the fallout of any cyberattacks or to weather disasters and theft that could damage IT infrastructures.
Vet your vendor’s vendors, making sure they work with best-in-class experts that also align with business goals.

It’s also essential to ensure the provider’s solutions are interoperable with existing platforms and offer regular reporting that tracks cyber events, writes Chris Brook from Digital Guardian.

“The beauty of as-a-service offerings is that you can give your users access to these tools instantly. Security as a Service offerings are provided on demand, so you can scale up or down as the need arises, and you can do so with speed and agility,” Brook said.

gorodenkoff/Getty Images