The 3 keys to IT security for SMBs

In collaboration with Netsurion.

Cybersecurity is about more than just technology – it’s also the people and processes in place to ensure that organizations enact security measures in a way that minimizes risk.

Finding the right people with the right skills and knowledge to keep the business safe from online threats is a challenge at the best of times. Add the complications around COVID-19 and the complexities of remote work and an expanding threat landscape, and it’s no surprise that a recent forecast suggests cybersecurity spending could increase to outpace overall economic growth by early 2021.

Is your small or mid-sized business ready for these challenges?

To help you answer that question, we explore the 3 biggest cybersecurity threats to SMBs today and how to overcome them.

New challenges

As a small-to-medium-size business (SMB), emerging threats from the new work-from-home scenario may have seemed more annoying than dangerous. Tactics like zoombombing, which at first seemed to be a childish form of cyber harassment, quickly took a darker turn. But as the lockdowns continued, organizations around the world faced steeper challenges.

Many SMBs didn’t fully anticipate the security risks associated with people working on unsecured home networks, accessing work files and data with personal devices or using non-approved cloud-based file-sharing services. For the most part, these organizations had to respond to threats while dealing with (in many cases) steep reductions in revenue and the need for IT personnel to work from home themselves.

The pandemic has also seen a rise in reports of malware, formjacking, and compromised websites, as well as growing numbers of email attacks preying upon concerns about COVID-19.

The rising costs of cyber attacks

A 2019 study of 850 SMBs (ranging from 10 to 1000 employees) found that nearly two-thirds had experienced a cyber attack. Nearly all of those surveyed said that cybersecurity was a top 5 priority in their organization, but 62 percent also said that they didn’t have enough IT talent on staff to adequately defend against attacks. Meanwhile, 52 percent reported that they felt unable to defend themselves against new types of cyber attacks.

Although reports of cybersecurity breaches often focus on the number of records left exposed, in incidents involving SMBs, data loss is often the least of their concerns. Instead, it’s the costs in lost reputation and customers that have an impact, even after the network is secure again. Time is also a critical factor. The longer a breach goes undetected, the higher the associated penalties in lost business.

Every organization needs protection against online threats, malware, suspicious behavior and unusual network traffic. It’s important that protective measures kick in quickly so that businesses can shut down the threat before lasting damage occurs.

What is SOC-as-a-Service and why is it important?

A good security operations center (SOC) is built on 3 important and interrelated components: technology (platform), people, and process.

It takes all 3 working in concert to achieve the goal of cybersecurity defense.

To build the infrastructure for a comprehensive SOC takes several tools and technologies. A complete, tuned security information and event management (SIEM) solution provides the visibility foundation for the platform. Additional elements include firewalls, IPS/IDS, vulnerability assessments, and threat intelligence feeds, so the SOC staff can correlate and analyze activity.

At the same time, endpoint monitoring technologies that scan for vulnerabilities, protect sensitive data, and ensure compliance with industry and government regulations feed into the platform. But no platform can ensure optimal detection without the application of machine learning to the massive amounts of data that flow through it. In turn, this needs to be fine-tuned by human specialists, making up the people component.

A SOC calls for a dedicated team of highly skilled security analysts, with the bandwidth to monitor 24/7. To be able to configure security monitoring tools, do triage, perform root cause analysis and conduct in-depth threat hunting, they need sysadmin skills, capability in a variety of programming languages, in-depth security knowledge and relevant certifications such as CISSP, GCIA, GCFA, and others.

In today’s market, the shortage of security experts is an established fact. Industry group (ISC)2 predicts there will be a global shortage of almost 2 million cybersecurity professionals by 2022. Being an effective member of a SOC team calls for skills, discipline and a clear understanding of all the activities that must be carried out, which leads us to the process component.

Processes related to a SOC are based on a clear definition of the strategy that incorporates business-specific goals and the organization’s risk tolerance. Documentation of the strategy, goals and risk posture forms the basis for process documentation. Each stage of an investigation is spelled out in detail. To ensure the highest quality SOC, an organization may want to pursue ISO certification to demonstrate that proper information security controls are in place. Read more about going from “Zero to SOC” in this whitepaper from Netsurion.

The effects of the cybersecurity skills shortage

Even before COVID-19, many SMBs struggled to staff their network and IT security teams. The 2019  Cybersecurity Workforce Study estimated that more than 4 million positions were left unfilled, and this shortage will only have grown because of the economic impact of the pandemic.

For many organizations, the effects of short-staffed network and IT teams can be serious. Understaffed teams are more likely to be overwhelmed by the number of tools they need to evaluate and implement – an important point to consider when a given SMB might have as many as 50 or 60 different solutions in place.

In the current climate, with many businesses already facing financial pressures due to lost revenue, IT budgets are already straining to protect staff as they work from anywhere, and often, on any devices.

Already challenging before the pandemic, the role of network and IT security is even more complex due to the need to protect a remote workforce and an increased pace of attacks, and they need to do all this with a smaller budget.

Key challenges businesses face to stay secure include:

  • The need to support an already-lean IT team, but without hiring additional staff
  • The ability to access flexible options that meet SMB budget constraints
  • The need for a purpose-built threat detection and response system that uses machine learning, behavior analytics, and security orchestration – all with 24/7 SOC expertise
  • Getting started quickly with minimal training and limited downtime once running

Organizations rely on digital and remote capabilities. They must run fast and lean while maintaining secure networks and avoiding risk gaps in cybersecurity. Netsurion’s industry-leading SIEM platform with a SOC fuses people, process and technology. Netsurion is driven by the importance of cybersecurity and works to make it a reality for every organization, no matter their size or budget.

Connect with us to learn more about the Netsurion solutions that will help keep your business secure against cyber threats.

How technology enhances the learning experience from anywhere

In collaboration with Logitech.

In the immediate response to the COVID-19 pandemic, schools, colleges and universities rushed to come up with impromptu ways of teaching from a distance.

By the end of March, there were more than 930 million downloads of educational applications worldwide, a higher number than ever before. In the United States, online education platform usage rose by more than 10 percent between March and June as students made the switch to distance learning.

The future of back to school

Now, as efforts to restart the economy continue, but with infections still rising in many areas, governments and school officials are looking ahead to the start of the new school year and are hoping for the best (a full return to classrooms) but preparing for the worst (continued shutdowns).

One thing is clear: The safety of students and educators is the top priority.

Getting back into classrooms safely

Many jurisdictions are working hard to get kids back in physical classrooms in the fall of 2020. Several strategies are being considered to keep students safe while also allowing for effective learning, including:

  • Daily health checks, masks, smaller class sizes, reduced contact between students, classroom layouts that allow for distancing, and outdoor physical education classes will minimize risks of infection.
  • At some schools, students may alternate days at school with time learning online.
  • Schools are focusing on core subjects and educators are working hard to create learning experiences that spark students’ curiosity, while also developing curricula that are flexible enough to work well both in and out of the physical classroom.

A big part of back-to-school planning is the awareness that a quick transition back to online learning may be needed in the event of infection. Schools may close for just a few days in the event a small number of students become ill to allow cleaning to take place, but larger outbreaks may result in longer closures lasting weeks, or perhaps even months.

In the post-pandemic classroom, technology will play a more important part than ever in facilitating the learning experience. Using technology designed to maximize engagement and immersion opportunities for remote learning will help teachers and students manage the transition to learning from anywhere.

Enhance learning experiences with the right gear

Effective learning depends on communication between students and educators, and Logitech products help make this possible. Whether learning happens in-class or remotely, the right gear helps students engage and learn with flexibility.

Logitech solutions also help students and educators set up effective remote workspaces that limit distractions, promote concentration, and enable greater opportunities for connection and creativity.

  • Student solutions: Enhance remote learning experiences on school issued devices by connecting to a Bluetooth tablet keyboard that helps students type comfortably. Create virtual face-to-face connections with a webcam and headset for collaborative online learning.
  • Educator solutions: Provide a Logitech webcam and software, such as Logitech Capture, for educators to pre-record and distribute lectures prior to class discussions, maximizing in-class time when or if it’s available, and ensuring that online contact is focused on engaging with students rather than delivering course materials.
  • Classroom solutions: Keep virtual classrooms connected by equipping spaces with conference cameras to share lectures with virtual students or to expand the reach of the physical classroom – by connecting with subject matter experts, like with Microsoft’s Skype a Scientist program.

Expanding the reach of education

Distance learning technology opens possibilities for enhanced learning and global collaboration. For younger learners, remote field trips let them experience places far from home, bringing learning to life. For college and university students, video-first technology solutions offer an ideal way to create an adaptive learning environment that reflects their existing interests and capabilities, giving them an opportunity to connect with peers and access cutting-edge research being done at top schools around the world.

Because these tools are simple to use, students can easily collaborate, share ideas, and freely explore content, and instructors can provide guidance and feedback rather than simply deliver course materials.

Connect with us to explore Logitech’s adaptive technologies designed to help students amplify their voices and reach their full potential.

Digital Acceleration and the Next Normal

We have seen incredible and rapid change in recent times. The idea of “digital transformation” for instance has seen its definition shift dramatically.

For a long time, most of us accepted that the concept involved a long-term strategy to adopt new technologies that would help us to modernize business processes, achieve greater efficiency and in an ideal world cut costs. But the moment the global health crisis struck the entire world stopped and so did just about every digital transformation project.

At first, the response to COVID-19 called for steps that felt less like long-term change than immediate actions to enable the continuity and stability to ensure organizations could continue to operate and people could work safely.

Then, the need to reduce cost and risk took precedence as organizations large and small looked to optimize their environments and entered what could be considered an “efficiency phase.”

Now, as we embark on the earliest stages of a recovery, the idea of digital transformation has re-emerged as an initiative that encompasses the process of defining, designing and delivering on the “next normal.” We understand that many things will never be the same. Some of the ways we live, work, and do business will require a re-model. Others will need a new model altogether.

Accelerating to the Next Normal

How the next normal looks will vary by industry, region and organization but two things we know are: 1) it will be digital-first and 2) it will move faster than ever.

Today, modernization is no longer an IT aspiration – it’s an operational necessity.  Consider the following:

  • An online consumer is 4 times more likely to switch to a competitor if they experience service-related problems (Source: Glance)
  • As many as 78% of consumers have backed out of an online purchase because of bad user experience (Source: Glance)
  • When it comes to adopting a new technology or process, cultural resistance can persist for up to 24 months, making the need to begin the process of change more urgent than ever (Source: Gartner)

Now, to compete and grow, organizations will need to harness this state of digital acceleration, a dedicated effort to rapidly modernize by:

  • Embracing an agile business model: Using modernized applications and infrastructure platforms that support the new requirements of doing business and ensure the ideal customer experience to drive revenue growth.
  • Rethinking the future of work: Re-imagining the workforce and enabling them with secure workspaces and collaboration platforms.

Let’s examine these two vital considerations for technology leaders as they begin to accelerate on the road to recovery.

Embracing an Agile Business Model

In the wake of the COVID-19 outbreak, clothing retailer Zara reported losing over $465 million as 88% of its mall locations closed due to public health and safety measures. In the same period, however, the company’s online sales grew 95%.

As a result, Zara plans to invest $3 billion in developing its online shopping experiences [1].

In the next normal, an inability to adapt to change or innovate at or faster than the pace of the competition will put many organizations at risk of falling behind.

Embracing agile business is about seizing an opportunity to modernize the way you do business and – most important – to differentiate the way you interact with and serve your customers.

This is no easy task.

Some of the organizations we work with have told us, “We have legacy applications and systems we can’t change as fast as we need to.” In fact, organizations today spend 60 to 80% of their IT budgets on maintaining and operating traditional systems, leaving less time and resources for modernization initiatives. [2] Furthermore, 50% of IT leaders say the need to maintain traditional systems is impeding their efforts to transform. [3]

Others asked, “Our competitor’s digital strategy is taking our client base – what technologies should we consider?” Even with a modern, agile approach, Gartner finds 90% of organizations have said the need for skills in cloud infrastructure and emerging technologies outstrips demand.

How can your organization achieve a state of digital acceleration as an agile business?

  • Divest from infrastructure that doesn’t differentiate you: Avoid the burden of managing infrastructure that doesn’t drive a modern and streamlined customer or employee experience by embracing cloud technologies.
  • Focus on building a culture of rapid innovation: Pinpoint and remove barriers to adoption for agile methodologies, DevOps and automation to bring differentiated products and services to market faster.
  • Extend existing on-premises assets where required: Use modern cloud platforms to extend the traditional data center and modernize applications with less complexity and risk.

Rethinking the Future of Work

Over the past several months, employees everywhere have experienced the kind of transformation expected to take years in a matter of weeks – or even days. Where remote work was once considered a perk by some, it’s become a reality for many, perhaps indefinitely.

The immediate response to COVID-19 required IT leaders, along with their business and human resources counterparts, to provide for what their users needed right away: To be able to resume business as usual, safely and securely, with the same quality of experience.

To this end, many organizations needed to implement or drive adoption of new solutions for collaboration, security, remote access and virtual desktops.  As an example, between March 18 and April 29, Microsoft Teams saw 43 million new daily users, a growth of 134% in just over a month. This kind of application adoption has had a considerable impact on IT management and end-user enablement as organizations had to figure out how to deploy, manage and educate remotely.

And many organizations are still adapting to these changes.

Being ready for the future of work involves not only adapting to what the user needs today but also re-imagining the workplace to provide what they need to be successful in the next normal.

This calls for IT leaders to remove the barriers between the physical and digital workplace and break down silos around IT to connect the people, processes, and technologies to support growth and innovation.

How can your organization improve its readiness for the future of work?

  • Remove the barriers between the physical and digital workplace: Bring everyone together with a simple experience via modern working environments that run on cloud-based applications.
  • Empower IT to deliver a great employee experience: Onboard the right management and security solutions to make the employee experience easy to deploy, manage and protect.
  • Build the best employee experience for your organization: Design and deliver an end-to-end productivity and collaboration solution customized for your end-user requirements.
  • Get the most from your investments by ensuring adoption: Leverage strategic partnerships to drive structured on-boarding and usage of new tools and provide ongoing training and IT mentorship.

How Softchoice Will Continue to Help

The road to recovery from the global pandemic will look different for every organization.

From adapting to new challenges to defining your own next normal, Softchoice is here to help you make the right decisions to sustain momentum out of the crisis and thrive in recovery.

 

Are you ready to re-imagine your digital transformation journey?

Explore Softchoice services for Cloud and Enabling End Users.