Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.


333 West San Carlos Street
San Jose, California 95110
United States


ChannelPro Network Awards

hello 2
hello 3


June 29, 2022 | Paddy Srinivasan

Zero Trust for SMBs: The Key to Deterring Cyberattacks

Recent research reveals that SMBs are more likely than enterprises to experience social engineering attacks. Here’s how a zero-trust solution can protect them.

If you visualize cybercriminals as archers, their gallery of targets became much more crowded at the beginning of the pandemic and is showing no signs of thinning. With the proliferation of remote work, the sheer volume of a small business’s endpoints has grown drastically. And with the dramatic increase in cyberattack targets, many of them poorly protected, cybercriminals are having a field day.

Small and midsize business (SMB) IT professionals and managed service providers (MSPs) are scrambling to avoid a near-constant barrage of cyberattack attempts. According to recent research, small businesses (fewer than 100 employees) experience 350% more social engineering attacks than an enterprise. That same research revealed that one in five companies had at least one compromised account in 2021.

Why are SMBs so vulnerable? And how can MSPs employ a zero-trust solution to help protect them?

Why SMBs Are Particularly Vulnerable

SMBs are oftentimes more vulnerable to cyberattacks than their larger counterparts because they lack the resources to protect themselves from every angle. IT teams at SMBs—and in some cases, just a single IT person or an MSP—are tasked with implementing the best technology to cover as many vulnerabilities as possible. However, cybercriminals are launching more sophisticated attacks beyond malware and spam. Their new phishing lures often sidestep email filtering systems, and as an SMB attack surface expands through new work devices and accounts, there are simply too many openings left in their armor.

Additionally, phishing attempts often zero in on high-value accounts, such as those belonging to CEOs, CFOs, and executive assistants. Unlike large corporations that often shield their C-suite from unsolicited emails, small business leaders are more visible in their community and may distribute their business email addresses more freely.

Understanding Zero Trust as the Solution

Zero trust is an excellent solution for SMBs that are bogged down by cyberthreats and have limited resources to allocate to company cybersecurity. Zero trust upsets the traditional “castle and moat” model of cybersecurity, wherein all you need is a password to cross the moat and gain entry to the castle full of valuable company secrets. The castle-and-moat approach is easily breached, as credential stuffing and phishing attempts are common and low-effort cyberattacks.

A better metaphor is to think of zero-trust architecture as a type of internal law enforcement agency, representing many different validation points, barriers around sensitive content, and strict controls even on verified users. An individual user may be a citizen in good standing in her virtual city with valid credentials. However, according to zero trust, that still doesn’t give her free rein around the city or allow her to access any information she wants without showing an ID or proof she belongs there.

Thus, a zero-trust architecture is much more secure because it assumes that every internal system is either breached or at risk of breach. Business accounts are fiercely guarded by IT and credentials are only distributed to team members who absolutely need them. Through this approach, if a user’s account is hacked, the damage is isolated to as few sensitive accounts as possible.

Technology Is Here to Help

While SMBs could mandate security training for end users every day, cyber arrows are still bound to strike. Employees are often too busy and laser-focused on business tasks to catch every potential threat. SMBs must go beyond user education and acquire the right tools, including secure remote support technology, with a built-in zero-trust architecture and security features that don’t impede usability. It’s critical that businesses understand the delicate balance they must achieve to provide convenient, scalable, and secure technology solutions that minimize cyberattack risks.

PADDY SRINIVASAN serves as chief product and technology officer for GoTo (formerly known as LogMeIn) and has previously held the role of senior vice president and general manager for the company’s customer engagement and support business and vice president of products and engineering for Xively (acquired by Google).

Editor’s Choice

Midwest MSPs Treated to Personal Stories, Compelling Demos, and More at ChannelPro LIVE: Columbus Show

June 7, 2024 |

Ohio technology professionals joined ChannelPro to share business best practices at the area’s first-of-its-kind event.

Asigra Makes a Splash with New SaaS App Data Backup Platform

June 3, 2024 |

Asigra’s new SaaSAssure platform offers MSPs comprehensive, secure, and easy-to-use backup solutions for SaaS apps, addressing a critical market need and providing an unparalleled opportunity for revenue.

Peer to Peer: John Kampas on Why EMPIST Thrives — Plus, 1 Mistake Too Many MSPs Make

May 31, 2024 | John Kampas

How prioritizing customer protection and technological empowerment helped EMPIST evolve into a “managed technology provider” with an international presence.

MSPs React to Comprehensive, Aggressively Priced Kaseya 365

May 1, 2024 |

Hear from MSP peers on the launch of the new Kaseya 365 program — designed to provide a crucial package of tech services at an affordable monthly price.

Related News

Growing the MSP

Explore ChannelPro


Reach Our Audience