Given our focus on helping small to medium-sized businesses (SMBs) improve their cybersecurity, we are often asked to qualify the minimum size of organization that benefits from our service. In fact, ActZero predominantly caters to the “M” side of the SMB equation, but we do have our fair share of smaller organizations that benefit from the tremendous value an MDR service offers, especially when compared to (gulp) an MSS or (GULP!) deploying a stand-alone product in-house. In recent years, it has become apparent that smaller organizations are even more exposed to risk than medium or even larger organizations. That exposure manifests itself not in the actual potential to be breached (after all, smaller organizations have a smaller attack surface) but rather in the increased risk of devastating consequences when they are breached. Even their viability as a business is threatened.
Recent reports indicate that over 60% of firms don’t have up-to-date strategies (if any) to detect and prevent breaches, and an even more alarming number don’t have a plan of action in case they do suffer a cyber breach. This suggests that, while all organizations are vulnerable to cyber-attacks, it is the smaller organizations that are left defenseless (check out our post on post-breach steps). The price they will pay is much higher than damage to their reputation or brand, the massive recovery and clean-up effort, or any potential financial loss or fines associated with data loss; in fact, more than half will pay the ultimate price and simply go out of business.
Just how do attackers get past the meager defensive tools smaller organizations have? Here are some basic attack methods:
- Spray & Pray: Hackers release variants of malware into the wild, automating attacks by exploiting unpatched (known) vulnerabilities. Since the addressable market for this attack is so large (orders of magnitude larger than enterprises), it is a viable, cost-effective, and efficient manner to infiltrate smaller organizations.
- Phishing: By sending massive amounts of messages and obfuscating the sender’s information, attackers can trick unsuspecting (and uninformed) users into clicking on links or downloading attachments with malicious payloads, like malware or ransomware.
- Directly Exploiting Vulnerabilities: It is relatively easy to maintain a list of known vulnerabilities in widely used software/services. By running an inexpensive (and easy to conduct) vulnerability scan, it is not difficult to find organizations that are behind on their patching schedule and leverage these ‘open doors’ to infiltrate their networks.
As you can see, hackers who operate at scale aren’t going after your small business specifically; they are going after weaknesses that SMBs like yours don’t have the resources to strengthen. Security by obscurity does not work – vulnerabilities are discoverable, making your business a target to those threats that ‘roam the wild.’ When you pair this with the fact that smaller organizations typically employ IT generalists, you start to see why it’s the smaller organizations who suffer the consequences. These resources normally function to maintain the network and ensure smooth operations. They are not cybersecurity experts, and they typically do not have the expertise (or even time) to manage security controls, and certainly not on a continuous basis.
ActZero’s MDR service protects organizations of all sizes. We have seen so much success with small to medium-sized enterprises because they can extract the greatest value from our service – they gain the ability to be proactive with their security, significantly reducing the risk to their operation. Being able to detect and respond to threats, without the cost of building your own SOC, represents a tangible competitive advantage: all the benefit without the capital expenditure. Although we have many clients with thousands of employees, some of our more vulnerable clients are those with fewer than one hundred. Such clients recognize that their own (larger) customers will require them to have the same advanced detection and response capabilities and that they can’t afford to have their critical assets go down from a cyber-attack.