Techaisle Blog

SMBs are the backbone of any economy and are crucial in driving innovation and creating jobs. Yet, when it comes to cybersecurity, they often lag behind larger enterprises, lacking the resources and expertise to defend against sophisticated cyberattacks. This is where Managed Detection and Response (MDR) emerges, offering SMBs a cost-effective and scalable solution to secure their valuable data and infrastructure.

The cybersecurity landscape is littered with threats, and small and medium-sized businesses (SMBs) are often the most vulnerable targets. According to Techaisle's research, not many SMBs are aware of Managed Detection and Response (MDR) services, a powerful tool designed to safeguard against cyberattacks. This begs the question: are SMBs missing out on a critical line of defense in today's ever-evolving digital landscape?

Awareness drives adoption

Techaisle’s SMB and Midmarket research data shows that small businesses are at a much earlier stage of their journey to MDR than their midmarket peers. Just 17% of companies with 1-99 employees report being aware of MDR, compared with 61% of core midmarket firms and 76% of upper midmarket organizations. Looking only at companies that are aware of MDR, current adoption rates mirror this pattern: 5% of small businesses that are aware of MDR are currently using these services versus 45% of core midmarket and 58% of upper midmarket organizations and virtually all companies that are aware of but not using MDR are either currently considering MDR or planning to evaluate these services within the next 12-18 months. These statistics indicate tremendous potential in each SMB segment: vendors must boost awareness of MDR’s benefits while executing an effective conversion strategy. This is especially true in small businesses – which should be an excellent fit segment for a managed service.

Selling sophisticated products to SMB customers is a significant challenge for IT vendors. This problem is especially acute with cybersecurity. Most SMB and Midmarket customer environments need defenses against many different types of threats, attackers, and threat vectors. Most SMBs lack the internal resources to understand what is required to protect against vulnerabilities and how different “shields” can be connected without leaving (or even creating) exploitable gaps in defense posture. Even the channel partners struggle to keep pace with simultaneous growth in threats and threat actors, vulnerabilities tied to in-use technologies or common business practices, and the ever-changing security vendor community.

SMB buyers are acutely aware of the threat cyber attacks pose to their businesses. The Techaisle SMB and Midmarket Security Adoption Trends survey of 2,035 IT and business decision-makers from SMB and upper midmarket firms found that nearly 30% of SMBs (1-999 employees) consider cyber attacks to be among the top three issues facing their business, with an additional 26% stating that it is the most pressing/critical IT issue facing their firms. However, less than half of the respondents were more optimistic, choosing one of three responses: “it is a critical issue, but we have established best practices to control cyber attacks,” “it is one of many different issues, and we are satisfied with our status,” or “cyber attacks are not a significant issue.”

Drilling down, we see that small businesses (1-99 employees) are less inclined to see cyber threats as a top-one IT issue or a top-three business issue; this likely arises from the fact that SMBs have less mature IT operations (meaning that many factors that are controlled in larger firms could represent top IT issues) and that they face a wide array of daily business challenges. The data showing that small businesses are likelier to have established best practices to control cyber attacks probably isn’t grounded in market reality: small businesses that handle security internally lack the resources needed to deploy optimal defenses.

However, those relying on a capable third party may reasonably claim to use best practices. Most worrying from this data, though, are the top two bars, indicating that 22% see cybersecurity as “one of many issues, and we are satisfied with our status,” with another 12% claiming that “cyber-attacks are not a significant issue.” There are small businesses – for example, individuals billing larger businesses for hourly labor – for whom cyber attacks wouldn’t represent a critical issue. However, the data shows that one-third of small businesses are unconcerned about cybersecurity. In contrast, independent studies show that most small businesses fail within six months of being breached. Techaisle thinks these businesses likely struggle to find financial justification for investments in meaningful cyber defense and instead persuade themselves that this is not a real business problem for them. Techaisle suspects that many of these firms are tuned into vulnerabilities associated with digital business practices and might be persuadable concerning the value of cybersecurity if issues and remedies were clearly and convincingly presented to them.

Core midmarket (100-999 employees) and upper midmarket (1000-4999 employees) businesses take a more proactive view of these issues. Approximately two-thirds of respondents in each group view cyber attacks as either their most critical IT issue or a top-three business issue, with the core midmarket group evenly split between these positions and the upper midmarket more likely to identify cyber as a top IT concern. More than 80% of these organizations are focused on establishing effective cyber defenses and should be viewed as prime candidates for effective solutions.

Should SMBs worry about cyber attacks?

The data above begs a related question: Is the lack of concern demonstrated by small businesses rooted in reality – is it the case that one-third of respondents don’t have much to fear from cyber-attacks?

According to a series of surveys by Techaisle, cloud cost optimization (CCO) has recently become the top priority for SMBs and midmarket organizations. In 2023-24, cloud cost optimization has moved from being the 2nd priority in 2021-2022 to the 1st. Techaisle survey found that 59% of SMBs and 55% of upper midmarket firms are now focusing on optimizing their cloud costs, making it the top consulting services priority for 100% of firms surveyed. As the adoption of cloud services continues to grow, so do the accompanying costs, which can quickly spiral out of control if left unmanaged. This challenges organizations of all sizes to optimize their cloud costs. Cloud economics and cost optimization consulting are not only challenging for SMB and midmarket firms but also for channel partners. According to a parallel survey by Techaisle, 49% of channel partners have seen an increase in demand for cloud cost optimization consulting. As a result, 72% of partners are planning to offer these services to their customers.

Cloud cost optimization has become crucial for SMBs and midmarket firms to effectively manage their expenses, improve resource utilization, and keep costs within budget. By implementing strategic approaches to cost optimization, businesses are challenged to balance the value of their cloud investments with the need to control expenditure.

KEY CONSIDERATIONS FOR CCO

In 2014, 80% of these firms viewed the cloud as a solution for increasing revenue, while only 20% used it to reduce costs. In 2023, the data flipped. The appeal of the cloud lies in its flexibility, adaptability, and ability to provide resources on demand. However, SMBs and Midmarket firms often end up paying for more resources than they use, leading to unexpectedly high cloud bills impacting their financial stability and hindering growth and investment.

As the market becomes flooded with specialized security solutions, an important question arises: Who can effectively integrate and manage all these different solutions? Cisco is making changes to position itself as a leading contender. As a comprehensive solution provider, Cisco can fill gaps in the cybersecurity landscape and ensure a cohesive approach to security, especially cloud security. It is building and integrating its portfolio of offerings, for example, XDR, Umbrella, Duo, Talos, many others, and now Armorblox.

As threats evolve, security efforts have shifted from solely preventing incidents to investigating them quickly and anticipating future risks. With IT environments now comprising interconnected networks, communication tools, mobile devices, cloud applications, and more, security is a top priority. Techaisle data shows that security is an IT priority for 74% of small businesses, 85% of SMBs, and 100% of midmarket firms. Endpoint security is already relatively widely adopted by SMBs. In addition, security suppliers have made headway in gaining customers for mobile hardware and access control security services. While Endpoint Detection and Response (EDR) tools are helpful, their capabilities are limited to detecting and responding to threats on endpoints and servers. Prevention remains the best approach to security, but detection is essential.

Cisco’s new XDR technology presents exciting opportunities for business growth by leveraging its vast network infrastructure and customer data to tackle security challenges. To strengthen its position in the security industry, Cisco is streamlining its go-to-market strategy and investing in partnerships to unify its cybersecurity offerings. Its partner growth strategy includes upgrading firewalls and refreshing products for existing customers, offering competitive pricing and margins to win new business, and introducing new partner offers for Security Operations Centers, such as Managed Detection and Response using Cisco XDR.

Cyberattacks targeting small and medium-sized businesses (SMBs) have increased, particularly ransomware and DDoS attacks. Implementing multi-factor authentication (MFA) safeguards employee identities and credentials. However, only 16% of SMBs and 25% of midmarket firms use MFA enterprise-wide. Similarly, only 13% of SMBs and 16% of midmarket firms have adopted single sign-on. However, the intent to adopt is significantly higher. Cisco offers MFA and single-sign-on (SSO) through its Duo offering, introducing innovations such as passwordless and risk-based authentication and Verified Duo Push. In addition, Duo has made security more accessible by integrating its Duo Trusted Endpoints capability into all service tiers, allowing users to restrict access only from corporate-managed devices or devices registered with Duo. This helps prevent unauthorized access attempts from unknown devices. In the advanced tiers, users can also assess the devices’ health before granting access and block risky or non-compliant devices, such as those running out-of-date software.

Securing endpoints and servers is essential for organizations, but cybercriminals are finding ways to bypass these measures through covert attacks. Instead of directly targeting high-value assets in data centers, they gain access through laptops and move laterally through the network. As a result, relying solely on an EDR solution or a firewall is not enough to detect and prevent cyberattacks. To fully protect IT infrastructure, it’s necessary to integrate prevention, detection, and response technologies into a single solution. This is where Extended Detection and Response (XDR) comes in, providing a comprehensive approach to security.

XDR builds upon the concept of EDR and expands its scope. It goes beyond the endpoint and server by integrating data from various security tools, including firewalls, email gateways, endpoint, network, identity, DNS, public cloud tools, and mobile threat management solutions. While it is possible to connect these components manually, a comprehensive XDR solution is designed to function as a unified system wherein components are interconnected and work together seamlessly to optimize threat detection and response workflows. Cisco's XDR solution in one such system.