Why SMBs are high risk for cybersecurity threats in 2021

| By:
Brian Downey

Cyberattacks can happen to anyone, regardless of company size or industry. This is especially true today, with more remote workers, cloud services, and mobile devices than ever before.

That’s why small and midsize businesses (SMBs) are turning their attention to cybersecurity. ConnectWise’s 2020 State of SMB Cybersecurity report found that 77% of SMBs are concerned about cyberattacks within the next six months, and 73% plan to increase their cybersecurity within the next 12 months. 

Yet that same report found that only 57% of SMBs have in-house cybersecurity experts, and only 43% outsource their cybersecurity. That leaves a lot of SMBs with weaknesses to attack.

As we head toward a new year, MSPs may find themselves in conversations with existing customers who are grappling with remote work and are making cybersecurity a top priority for 2021. There’s significant opportunity for MSPs to offer “MSP plus” service, helping their clients to embrace better security practices. In fact, our 2020 State of SMB Cybersecurity report found that 91% of SMBs would switch MSPs for the right cybersecurity support. 

SMB cybersecurity: Why many don’t think they’re a target

Everyone expects hackers to target big, lucrative targets. Over the years, we’ve seen massive breaches in the headlines, like the Equifax breach in 2017, which compromised sensitive information for tens of millions of people internationally. 

In the face of these headlines, SMBs may assume they’re not a target—but that couldn’t be further from the truth. They may be less likely to make the news, but SMBs are a very popular target for attacks. 

What would you do if a hacker installed ransomware on your computers, shutting you out until you paid a ransom? Or what if an employee clicked on a phishing email and spread malware through the business? 

According to our 2020 SMB cybersecurity report, 55% of SMBs have experienced a cyberattack. Many small to midsize companies hold valuable information that can be exploited, such as customer addresses, payment information, and more. And when it comes to ransomware, SMBs may feel forced into a “do or die” situation, paying a handsome ransom to regain access to computers and business-critical information. 

Here’s a closer look at what makes SMBs a tempting target and how MSPs can help them better protect their assets.

SMBs have access to valuable information

As mentioned, SMBs often have access to valuable information, which can be lucrative for hackers. The 2020 Verizon Data Breach Investigations Report stated that financial motives were behind 83% of attacks on SMBs of under 1,000 employees.

In October 2020, several U.S. federal agencies issued a warning to hospitals and healthcare providers about an increase in ransomware incidents. Beyond this news, SMBs such as dentists’ offices, physicians practices, and other small healthcare providers are also at risk, as well as less obvious businesses, such as regional retail stores, cafes, and restaurants, and even government agencies, school districts, and nonprofits.

How you can help: MSPs can help their SMB clients avoid being targeted for their data with a good RMM, automated patching and policies, and rapid response to ticketing. With the right cybersecurity software, MSPs can also monitor cloud-based applications for data loss, provide an SOC for rapid incident response, and assist SMBs in understanding their data footprint and where greater monitoring and protection are needed. MSPs can also help SMBs prepare for the worst with backup and disaster recovery—helping them get back to normal more quickly after a cyberattack.

SMB cybersecurity training often lags 

Phishing scams are getting more and more convincing, and all it takes is one click to compromise an entire network. This is especially true as more people work remotely. With extended environments, there are more opportunities than ever for social engineering, ransomware, and other cyberattacks. 

How you can help: Before helping others, MSPs should be proactive in getting certified as cybersecurity experts; programs like ConnectWise’s IT Nation Certify program can provide valuable cybersecurity training. Once they’re experts themselves, MSPs can also help companies educate themselves and their workers on vigilance against attacks—so the next sketchy email goes unread and unclicked. Not sure where to start? Here’s a primer on the language of cybersecurity, which can also be a good starting point to a bigger conversation about security practices. Next, engage clients around cybersecurity risks with ConnectWise’s risk assessment tool—this can reveal where clients need help, and offer MSPs a chance to expand support. 

The role of MSPs in protecting SMBs

2020 was an unprecedented year in so many ways, and it has shaped SMBs’ cybersecurity and IT priorities for 2021. In our SMB security survey, we asked about the impact of COVID-19 on cybersecurity—and concerns about remote breaches are driving 42% of SMBs to invest more in their cybersecurity strategy.

There’s too much at stake for SMBs in the next year to put off cybersecurity preparations any longer. Tackling cybersecurity can be daunting to SMBs, but MSPs can support clients with software, services, and education. With IT expertise and the right resources, MSPs are well-positioned to support cybersecurity needs. Together, MSPs and SMBs can keep their systems, employees, and devices safe from bad actors.