With regards to cybersecurity, it seems, SMBs are easy to please.
According to just-published data from Malwarebytes, 56% of U.S. businesses with 50 to 999 employees either somewhat or strongly concur that it’s not a matter of if but when they will suffer a successful cyberattack. Yet even so fully 91% of those same organizations say they’re either satisfied or completely satisfied with their endpoint protection solution, and an even greater 95% say they trust their current endpoint protection provider.
Mark Strassman, who became chief product officer at Malwarebytes last month, sees opportunity in that disjunction.
“Expectations are low,” he says, “and I don’t think they need to be.”
Strassman points to further data from the vendor’s SMB Trust & Confidence Report 2021, which polled 704 IT decision makers this January, as evidence that SMBs may have misplaced faith in their security vendor. When asked how they know that their anti-malware software is working, 50% said because their endpoints and network are running normally and 47% said they’d get alerts if something was wrong.
Both beliefs, the Malwarebytes report asserts, are based on a false assumption that nothing is slipping past the product surveyed SMBs are using at present. In January alone, though, a free trial version of Malwarebytes software found infections on 512,781 of 5,021,761 devices that had another endpoint security product already in place. That’s greater than 10%, Strassman notes, and suggests end users are doing far too little to verify that their security solution is working as promised.
“There’s a big ‘set it and forget it’ attitude,” he says.
Urging buyers to be more vigilant and skeptical about the security systems they use is part of Strassman’s emerging product strategy. “There’s an opportunity for users to constantly evaluate the solution they’re using and really do testing against it to pick the one that works best,” he says.
The free malware removal tool Malwarebytes is known for gives the company a beachhead for that effort, Strassman continues. The solution has been used on 100 million devices to date, he notes, and found invaders on many of those systems despite the presence of competing endpoint security software.
“We already have this free solution that provides a network effect and provides value to our customers,” he says. Leveraging that foothold to drive adoption of more complete, paid solutions, he adds, is an intriguing prospect.
Strassman also envisions employing the threat intelligence database Malwarebytes currently provides to users of its higher-end Nebula security platform to help users who upgrade to paid products get in the habit of continually evaluating the efficacy of those systems.
“We can set it, but we shouldn’t let them forget it. We need to let users know how protected they are,” he says. “There’s an opportunity to let users challenge our protection, to actually show them the different resources, to show them how they can test, how they can verify, to be much more transparent about that.”
Strassman foresees expanding that protection to encompass technologies like endpoint detection and response that big businesses take for granted but too few SMBs use at present. “I think there are a lot of legacy players in SMB that frankly aren’t doing a very good job,” he says. “Then there’s a lot of high-end players focusing on the Fortune 500s.” That, he believes, leaves Malwarebytes room to grab market share by offering SMBs access to protections used routinely by enterprise buyers.