Survey says: What you need to know about SMBs and cybersecurity in 2021
The last year put small and medium-sized businesses (SMBs) to the ultimate test, and as we continue to recover, there are new priorities influenced by working from home. But with this comes the added complexity of remote work. As one of the four critical challenges SMBs can’t afford to ignore in 2021, SMBs will have to rely on the experts to help them reach their goals and overcome obstacles.
To help, ConnectWise recently published the third annual The State of SMB Cybersecurity Report, commissioned by Vanson Bourne. This report interviewed 700 IT and business decision-makers globally to gain cybersecurity insights that will allow MSPs to capitalize on opportunities within the market.
A key finding was that technology providers must be able to demonstrate that they are capable of, and have, the necessary skillsets to address the latest security concerns and manage incidents in the current cybersecurity environment—the hybrid workforce.
Changing landscape, changing priorities
As we shift back to the routine of the pre-pandemic times, the reality is that we’ll likely never get back to it exactly. The pandemic changed our priorities. There’s a stronger focus on mental health, spending time with family, and pursuing a true work-life balance. And because of that, working from home isn’t disappearing anytime soon.
Remote work peaked in 2020, with an average of 59% of employees working remotely. Today, it remains that 42% of employees continue to work remotely now. Experts predict that this figure is only expected to fall to 34% in one year’s time.
The past year opened SMBs up to the opportunity and benefits of working from home and has proven that remote work isn’t a trend that’ll be left in 2021 but will continue in the long term. However, organizations will have to be prepared to manage the challenges that come with it today and well into the future.
Businesses everywhere continue to adjust to their new normal, with many taking on a hybrid approach of having remote and onsite work. This tactic allows companies and their employees to be more productive and flexible in their work with the ability to work out of their preferred space.
However, the challenge comes when IT teams now must manage, maintain, and secure these two very different environments. So, what’s in store, and what can MSPs do to help with this transition?
Overcoming cloud-adaptation and security challenges
As companies make every effort to provide a seamless experience for all of their employees—no matter where they’re located—the adoption of cloud-based technologies will continue to grow. Just this past year, cloud adoption has grown from 30% to 41% according and is expected to rise. However, it doesn’t come without its complexities.
One issue is the increase in prioritization of the cloud can expose organizations to further cybersecurity problems if cloud those solutions aren’t adequately protected. While the cloud may be perceived to be more secure, this is not the case if steps aren’t taken to ensure protections are in place, making cybersecurity an even greater concern for organizations.
According to Cisco’s "Future of Secure Remote Work Report," 82% of employers felt that "cybersecurity is now extremely important or more important than before COVID-19." There are growing concerns around how data is accessed remotely and how secure it can get. Technology providers can expect to see organizations placing a higher priority on investing in cybersecurity IT systems and infrastructure. Additionally, only 35% of decision makers report their organization is very well protected against remote devices and employees being breached.
The recent reliance on a vastly expanded remote workforce led to a surge in the number and severity of attacks related to the weaknesses in underlying Internet and information technology infrastructure. According to Verizon, the result was more incidents associated with the telework portion of the Business Continuity Plan (BCP) including, provisions for remote access to services available on an organization’s network, a proliferation in email traffic for internal communications, and an increased reliance on enterprise video and audio communications. With this shift came an increase in malware and social engineering attacks, consistent with the exploitation of general communications. Today, 75% of decision makers agree that their organization is less secure due to the added complexity of a remote workforce.
MSPs need to make sure they’re secure
The temporary changes made to support the move to work from home are no longer temporary. If you haven’t already, you should evaluate each security solution in use to understand how users working from home impact its operation, including:
- Review the effectiveness of your security controls in terms of where employees work for your MSP and for your customers
- Identify controls that are no longer effective
- Determine an alternate deployment architecture or control to cover the risk
MSPs also have to realize that cybercriminals aren’t just going after enterprise companies. Last year, there were 307 breaches in large organizations, with small organizations still pulling in 263 breaches. This year’s data also shows that large businesses have shifted to finding breaches within “days or less” in over half of the cases, while small organizations fared less positively at 47%.
Above all, the work that began at the start of the shutdown is not over—we all have a long way to go to bring security to our “newest normal.” MSPs need to work with their clients to ensure that the quick changes they made during the first shift to remote working are secure at all ends. A good place to start is looking at the complete cybersecurity picture and seeing what needs to be enacted to ensure your clients are secure in all environments, including the hybrid model.
The Vanson Bourne report offers more insight surrounding the SMB’s thoughts about their cybersecurity posture, the relationship with their current MSP, and the remaining critical challenges SMBs can’t afford to ignore.