While many SMBs (small and medium-sized businesses) believe they are not a target for today’s cybersecurity breaches, the reality is that every business remains a target for threat actors looking to leverage weak points of entry or vulnerabilities. From phishing attempts to exploiting vulnerabilities through hardware and software products reaching end of life, every organization should take steps to remediate these easy entry points for bad actors.

As 2020 has forced organizations to modify workforce deployment and threat actors have looked to leverage new potential security vulnerabilities, Managed IT services are required to evolve with renewed due diligence and expansion of the security landscape. This starts with reviewing relationships with clients and leveraging the trust in those relationships for what can be hard conversations. As service offerings have also evolved, there may be services that clients are missing simply due to prior lack of availability or perhaps, due to pushback at the time of offering. It is time that both parties (MSP and Client) come to clear understandings of vulnerabilities, solution offerings, and acknowledgment of remediation options.

Common Cybersecurity Activities to Correct the Most Common Vulnerabilities

  • Regular phishing tests – simulated email campaigns used to test employee propensity to click unsecured links within an email. These campaigns provide an opportunity to review employee compliance, enhance security awareness training, and potentially improve threat protection services.
  • Security awareness training – acceptable user policy implementation and adherence as an integral part of defense in depth. These are often ignored or not thought Employees simply don’t know what they don’t know and it’s an ever-evolving landscape. Employees remain the best defense against a threat.
  • AI (artificial intelligence) next-generation virus protection – anti-virus technology that pushes all detection and response decisions down to the endpoint, eliminating response latency that can mean the difference between a minor security event and a widespread, uncontrolled security incident.

Despite the rising number of breaches and threats, some business leaders still adhere to the adage “if it ain’t broke, don’t fix it.” However, this is a flawed position, especially in regard to technology and security infrastructure. According to Adam Rauh, Lead Solutions Engineer at Tableau Software, “if it ain’t broke, don’t fix it” only works if a business is operating in a closed system. To be clear, IT is not a closed system. Even if budgets are set, processes efficient, and ROI acceptable, security complacency increases risks exponentially. Why? Because threat actors believe in continuous improvement, and business leaders should too.

As IT is not a closed system, the cloud is constantly driving agility and efficiencies in digital transformation strategies [1]. Costs are routinely being driven down, new and more capable technologies are being developed every day, and, perhaps most importantly, new vulnerabilities are constantly being discovered.

In many cases, business leaders get consumed by delays and over-analysis of solution opportunities while leaving their organizations vulnerable to unrealized threats. It is the cost of doing nothing that puts a vulnerable organization on the cusp of real and dramatic costs should a breach occur.


[1] https://www.thinkhdi.com/library/supportworld/2019/cost-doing-nothing-why-keeping-status-quo-is-hurting-it-departments.aspx