Forward-looking MSPs understand that adding a security services element to their portfolio is both an opportunity for growth and a necessity for survival. A Ponemon Institute study found that 68% of businesses between 100 and 1,000 employees reported a cyberattack on their company, while 58% reported a successful breach. Those figures represent an increase of 6 and 4 percentage points, respectively, from the previous year’s survey, pointing to an acceleration of attacks on small businesses by threat actors.
Increases in attacks on SMBs are unsurprising, since although cybercriminals may be devoid of morality, they’re certainly shrewd. SMBs represent much softer targets, lacking the resources of larger enterprises to fortify their cyberdefenses and hire critical expertise. Indeed, in that same study, 47% of the SMBs surveyed said they “have no understanding of how to protect their companies against cyberattacks.”
Yet comprehensive security solutions for small businesses are typically expensive—and are often watered-down versions of enterprise solutions that were not purpose-built for SMB needs. MSPs now have an opportunity to offer SMBs an automated threat detection solution they can afford.
Threat Detection Is Foundational to Cybersecurity
As the recent SolarWinds breach shows, myriad cyberthreats are aimed at companies of all sizes in today’s volatile and still evolving post-pandemic economy. But with the exception of a malicious insider who might physically carry sensitive data out the front door in a backpack, successful attackers have one thing in common: They need to establish a connection with the network via an originating IP address. They need that originating computer to probe the network or launch a phishing attack. They need it to execute the attack—move horizontally, for example—once they’ve penetrated the network. They need that originating IP address to exfiltrate data or establish command and control over ransomware or other malware. Therefore, the seminal defense against modern threat actors is the identification of high-risk, malicious IP addresses that are either connected to, or are attempting to connect to, the end user’s network. These IPs are typically responsible for relentlessly repetitive cyberattacks.
Through algorithms, threat intelligence feeds, and other methods, automated threat detection services identify and assign risk factors to IP locations that attempt to access the network, allowing companies to block those questionable addresses. This typically covers a great majority of attempted network compromises (highly sophisticated attacks that use custom infrastructure to launch attacks are more challenging to identify). Of all the elements that make up a strong cybersecurity program, if an MSP had to choose a top item to deploy, threat detection/blocking should be it.
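The scoring-and-blocking step described above, as an added example (not the author's or any vendor's code): each source IP seen in a connection log is scored against several threat feeds plus a simple repeated-failure signal, then blocked above a threshold. The feed names, weights, thresholds and log format are assumptions, and all addresses are constructed from documentation ranges.

```python
import ipaddress
from collections import Counter

# Constructed threat feeds: name -> (weight, CIDR list). Names and weights are assumptions.
FEEDS = {
    "feed_scanners": (40, ["198.51.100.0/24"]),
    "feed_bruteforce": (50, ["203.0.113.7/32", "198.51.100.23/32"]),
}
FAIL_THRESHOLD, FAIL_WEIGHT, BLOCK_SCORE = 3, 30, 70  # assumed tuning values
# Constructed connection log, one event per line: "<src_ip> <dst_port> <result>"
SAMPLE_LOG = """\
198.51.100.23 22 fail
198.51.100.23 22 fail
198.51.100.23 22 fail
203.0.113.7 3389 fail
198.51.100.80 443 ok
192.0.2.10 22 fail
not-an-ip 22 fail
"""

def parse_log(text):
    """Return {source_ip: failed_attempts}; malformed lines are skipped."""
    failures = Counter()
    for line in text.splitlines():
        try:
            src, _port, result = line.split()
            src = ipaddress.ip_address(src)
        except ValueError:
            continue  # wrong field count or a source that is not an IP address
        failures[src] += result == "fail"
    return failures

def score_ip(ip, failed):
    """Sum the weights of every feed listing the IP, add a behaviour signal, cap at 100."""
    score, reasons = 0, []
    for name, (weight, cidrs) in FEEDS.items():
        if any(ip in ipaddress.ip_network(c) for c in cidrs):
            score += weight
            reasons.append(name)
    if failed >= FAIL_THRESHOLD:
        score += FAIL_WEIGHT
        reasons.append("repeated_failures")
    return min(score, 100), reasons

def decide(text):
    """Map each source IP to (action, score, reasons)."""
    scored = {str(ip): score_ip(ip, n) for ip, n in parse_log(text).items()}
    return {ip: ("block" if s >= BLOCK_SCORE else "allow", s, r) for ip, (s, r) in scored.items()}
```

An address listed in a single feed stays below the block threshold here, which shows why corroboration across feeds and observed behaviour matters more than any one list.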
Traditional Security Programs Are Prohibitively Expensive
There have traditionally been two primary options for organizations wishing to establish a threat detection program, if they choose to do so on their own. They can purchase next-generation firewalls, which often include a threat detection option. Yet these can be high-priced, complex to configure, and typically include only two or three threat feeds with no supplemental threat intelligence or analysis.
An even more labor-intensive and costly option for a typical small or medium-size business is to build their own in-house threat detection capability. This requires:
- The purchase of a threat intelligence feed, an IP lookup service, and an IP geolocation service, all of which can run between $1,500 and $3,000 annually
- Licensing a security information and event management (SIEM) system, with annual subscription or licensing fees in the $50,000 range
- Hiring a security analyst for an average annual salary of $60,000, no small feat given the current shortage of security analysts to fill open jobs
MSPs Can Fill the SMB Security Gap
Given those options, conventional threat detection solutions have been impracticable for the vast majority of SMB companies. Moreover, most threats targeting these businesses are automated attacks using scanning and brute force techniques from known bad sources. Even the rapidly increasing spread of ransomware often comes via remote connections from known malicious IPs that typical firewalls often ignore.
MSPs are in a unique position to address this security gap in the SMB marketplace, delivering more economical yet effective security through automated threat detection. A smart threat detection solution with an emphasis on threat intelligence can, in and of itself, greatly reduce the risk of a successful attack, providing cost-effective protection for the MSP’s small business clientele.
The chart at right illustrates how MSPs can scale up their incremental revenue by deploying an affordable, automated threat detection and blocking solution across multiple clients. These solutions require minimal security expertise to operate and serve as a revenue-generating offering with no additional staffing needs, while delivering high-margin revenues across an entire customer base. All this while creating value and implementing effective security for the MSP’s small business clientele—within their budgets.
There is little debate among information security experts that cyberattacks will remain a constant if not accelerating threat to SMBs. Such breaches could jeopardize the very existence of certain small enterprises. As MSP clients become more aware of this threat to their businesses, they will look to their existing MSP partners (or their competitors) for cost-effective solutions that genuinely reduce their risk of compromise.
VINCE CRISLER is co-founder and CEO of Dark Cubed. He has more than 20 years of IT and cybersecurity leadership within the Department of Defense, federal civilian government, and private sector.