How SMBs are tailoring their cybersecurity programs [Q&A]

The uncertain economic climate has led to many smaller businesses cutting their budgets over the last year. But where cybersecurity spend is concerned this can be a risky move.

We spoke to Geoff Bibby, senior vice president at OpenText Cybersecurity to discuss how SMBs and managed security providers (MSPs) can adapt their security plans while still remaining protected.

BN: How do you view the overall cybersecurity landscape right now compared to expectations from the beginning of last year?

GB: The landscape is evolving by the minute. Attackers are getting smarter, and more resilient. As a result, technology vendors are investing more into security in an attempt to stay ahead, or in some instances, catch up.

Cybersecurity is a key priority and will stay so for the foreseeable future. It's also an industry that every technology vendor, large and small, is investing in. Vendors who are known historically for being in the hardware business are now adding software to give them the much-needed security elements to protect customers. It's definitely a space that is growing exponentially. We are also seeing an uptick in security spending among SMBs in response to increased cyber-attacks.

BN: How have the last few years impacted security spending for smaller businesses?

GB: Over the last few years, we have seen a continued spike in investment in cybersecurity, particularly at the start of COVID when business was moved online. It was a pivotal point for our industry as it drove a significant increase in cybersecurity investments across the board for all businesses. For SMBs, this is where the value of MSP really shined through. MSPs provided quick access to a multitude of cybersecurity services through a cost-effective subscription-based platform. In fact, our Global Managed Security Survey found that eighty-two percent of MSPs and MSSPs cite a key customer requirement is the need for comprehensive, on-demand security.

BN: For SMBs specifically, why do you think they're moving towards consolidated solutions and subscription-based models?

GB: It’s a combination of three main concerns -- staffing, budgets and accessibility. In some areas of the world, like North America, labor can be quite costly and you need to hire multiple specialists across the business to have the diverse skillset needed to remain operational and secure.

As for budgets and accessibility, subscription-based models provide the best package of solutions for most of the security challenges SMBs face. Outsourcing has become increasingly popular and is a large contributor to why the MSP market is booming.

BN: On the topic of consolidation. You previously referenced OpenText Cybersecurity’s Global Managed Security Survey. One of the findings from the report is that 86 percent of MSP customers want to consolidate their security tools. What is driving this demand and how are MSPs working with clients and customers alike to respond?

GB: The number one reason for tool consolidation is ease of doing business. Before we talk about MSPs or customers, take any vendor out there, they have multiple platforms they run their business on; the same holds true their partners and customers. End-users must toggle between screens and platforms to do what should be simple tasks. SMBs want ease of business, consolidating tools into one platform enables businesses to run more smoothly. Following several notable acquisitions here at OpenText -- Zix Webroot, Carbonite and most recently MicroFocus -- we understand the need for simplified security. That is why we are consolidating our tools with SecureCloud, to provide a single platform for all a MSP’s security needs. Ease of business is number one, but it’s also saving time and time is money. It's also far more affordable to invest in one platform than in multiple.

BN: Many SMBs believe they are too small to be a target. What are your thoughts on this, does size matter in the eyes of a cybercriminal?

GB: Nobody's safe. Every individual, every business is a target for a data breach. The predators are out there; they are after your information, bank details or anything they can access. I believe it is our responsibility to help educate our customers and our communities about the importance of cybersecurity to avoid any of future incidents. OpenText takes security awareness training very serious; we frequently update our programs to ensure our partners and customers stay current on the latest threats.

BN: What are the top cybersecurity spending priorities that businesses should focus on right now?

GB: Cybersecurity investments should focus on multiple layers of protection to keep data secure and protected. A great starting point is spam filters and antivirus protection which strengthen email and network security. These tools are an effective way to block cybercriminals from entering a system and serve as a great first line of defense. Unfortunately, as we've witnessed many times, despite having the best tools in place threat actors will look for the weakest link -- often the human -- which is why additional layers are a must. Endpoint, DNS Protection, these are all very important. And in the event all else false and a system is compromised, backup and recovery solutions are essential. And again, I can't stress enough the importance of security awareness training.

Photo Credit: one photo/Shutterstock