SMEs face a host of security challenges. They lack the resources and scale of large enterprises, meaning that within the skills-constrained environment in Australia, it’s challenging to find and hire the right talent.
With limited budgets, a lack of expertise, inadequate security tools and a lack of training, cybercriminals are increasingly targeting SMEs as “easy targets.”
Andrew O’Shea, Principal Consultant Cube Cyber, explains why managed services are the answer and how what is traditionally seen as an enterprise solution can become compelling to small businesses and the mid-market.
At a high level, what’s your take on Managed Detection and Response? What do people need to know about it, and what is the Cube Cyber’s spin on it?
Managed Detection and Response – MDR – is a cybersecurity service that provides organisations with proactive threat monitoring, detection, and response capabilities. MDR services are designed to help organisations detect and mitigate cyber threats and security incidents more effectively by outsourcing these functions to specialised security experts.
It features several components melded together and then used to deliver a robust security outcome for a customer. What we do, which is a little different than everybody else, is that we’ve geared our solution towards smaller and mid-market customers. We do a lot of automation so that we can deliver a complete MDR solution at scale, and in a way that’s affordable for this kind of customer.
What do midmarket customers struggle with, beyond costs, when it comes to cyber security?
Instead of these organisations hiring a dedicated security person who will effectively only work 40 hours a week, they can engage us for a full MDR service, usually for less than the cost of a full-time employee. One of the biggest challenges for these organisations is the lack of capacity within their teams. They don’t know what they don’t know because they simply haven’t got the expertise, and so it becomes something valuable that we offer them by partnering with them so closely.
We hold monthly service delivery meetings with our customers where we detail their vulnerabilities; incidents prevented, and the overall cybersecurity posture of the organisation. It’s that in-depth insight into the environment on an ongoing basis that’s usually difficult for smaller and midmarket companies to attain, so they’re essentially getting enterprise-class features through our MDR service.
This is where MDR services are extremely beneficial for organisations that lack the in-house expertise and resources to effectively monitor and respond to cybersecurity threats.
What are mid-tier organisations doing about security now, if they can’t afford dedicated staff and don’t have managed services?
They’re carrying the risk in most cases. What we offer that really helps the customer is guidance on articulating what the risk looks like to the business. We help the customer audit their environment and understand where their investments have been so far, what infrastructure and processes they currently have, and how they can be reused to mitigate the risk.
Most small businesses and mid-tier organisations have some elements of security in their environments, and one of the reasons we have a very high customer retention rate is that we don’t sell them things they don’t need. What works in this space is having a hybrid and adaptable model, where we work with the customer and their existing resources and help them fill the gaps. That allows them to extract maximum bang for their buck.
To what extent are these mid-tier customers targets?
Just last week, a customer asked, “Why do we need to spend this money? We wouldn’t be a big target to anybody.” That’s a dangerous mindset, and they couldn’t be more wrong because smaller organisations are now the biggest target. Criminals know large enterprise customers have significant cyber infrastructure protection and resources that they need to overcome.
Enterprises generally have the best cybersecurity protection, whereas hackers and malicious actors know that a small SME has budget, infrastructure, and skills constraints, which makes them easy targets.
With that being said, smaller organisations are now realising that, yes, they are game for a lot of these kinds of malicious actors. They are looking for solutions to help them address that problem.
Where do you think the heightened security awareness among SMEs is coming from?
It’s two-pronged. The number of cybersecurity breaches getting airtime is undoubtedly helping people learn about the challenges. In addition to that, the introduction of the mandatory data breach notification guidelines means that we have far more information that is relevant to an Australian audience regarding the extent of the threats and how they’re affecting local businesses. For example, we now have data showing that health care is the number one priority and financial organisations are number two.
Find out more about Cube Cyber’s MDR solution.