Sergey Nivens - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

Insufficient SMB security among major issues highlighted by reports

Channel partners weigh in on the state of the security landscape, which recent reports have revealed is troubled by deficient security plans and practices.

Over the past week, three vendors released security reports that together paint an unsettling picture of the security landscape, giving partners food for thought when thinking about building out their security practices, including those for SMB security.

While the three reports -- Dell Security Annual Threat Report, Symantec Internet Security Threat Report 2015 and Verizon Data Breach Investigations Report -- looked at security vulnerabilities, data breaches, malicious code and cyberattacks, the Verizon report also delved into the cost to recover from a data breach. The reports follow the publication of CompTIA's Trends in Information Security study, which found that nearly three-quarters of U.S.-based firms now place a higher priority on security and more than 50% of partners expect IT security revenue to increase.

While it's clear that security attacks show ongoing inventiveness and cunning, one of the more disturbing conclusions from the new reports is that many security breaches could have been avoided had companies been more diligent about their security plans.

For example, Dell observed that businesses overlooked some basic threat points: outdated or unpatched software, under-restricted contractor access to networks, under-secured network access for mobile or distributed workers and under-regulated Internet access. Verizon reported that many cybercriminals still rely on decades-old techniques such as phishing and hacking and that many existing vulnerabilities remain open.

More SMB security attacks

In addition, the Symantec report pointed out that 60% of all targeted attacks struck small and medium-sized businesses (SMB), many of which haven't invested in security or adopted security practices.

"We're seeing more attacks happen in the SMB space at a quicker rate than ever before because … hackers see SMBs as softer targets and they're getting a little more crafty about how they attack them," said Michael Gray, director of network operations at Thrive Networks, an IT services partner based in Tewksbury, Mass.

Not only is Gray's firm having more discussions about security with SMB customers, but he's observed that more SMBs are making security a priority -- a 180-degree turn from five years ago.

"They're reaching out to us, unsolicited, and are asking for more security," he said, adding that it's been great for Thrive's business.

We're seeing more attacks happen in the SMB space at a quicker rate than ever before because ... hackers see SMBs as softer targets.
Michael Graydirector of network operations, Thrive Networks

A Dell SonicWall partner, Gray noted that 90% to 95% of the company's recurring customers have a Dell SonicWall next-generation firewall with all of the security services turned on. "So when a zero-day attack hits, these customers have immediate protection because we're leveraging cloud-based signatures from SonicWall," he said.

Security tools are no longer just for enterprise-size businesses. "Now I think we're going through the next evolution where intrusion prevention systems and intrusion detection systems are becoming just as commonplace as firewalls," he said.

Mark Marro, product champion at Continental Resources (ConRes), a 50-year-old IT solution provider located in Bedford, Mass., said that not all customers put as high a priority on security as they do on other IT projects given limited resources. ConRes is a Symantec Platinum partner, which focuses primarily on Symantec's Veritas business for information management and infrastructure and less so on security. However, the channel partner also sells Dell SecureWorks services to customers and aligns with security vendors such as Check Point, Palo Alto Networks and RSA.

Both Gray and Marro noted that customers are also challenged by the Payment Card Industry (PCI) Security Standards Council standards. In fact, according to Verizon's  2015 PCI Compliance Report, less than one-third of companies maintained full compliance within a year of validation and no more than 74% had sustained compliance with any individual requirement. A key finding in the Dell security report noted a surge in point-of-sale malware and attacks.

Partners bolster security services

Thrive, which was sold in September 2014 to MetTel, a communication solutions provider, will have a stronger managed services offering to address PCI compliance for customers, according to Gray. "We think that we're going to add a lot of power by linking up with MetTel's PCI solutions and our security solutions to give customers a full bundle," he said.

At ConRes, Marro has seen outsourcing of PCI managed services grow in popularity as customers lack resources to manage PCI compliancy themselves. He pointed to Dell SecureWorks network security technology to address industry compliance regulations, including PCI.

Today, ConRes works with other IT partners when needed for additional security expertise. Looking forward, however, the IT solution company sees the writing on the wall for security services, and Marro noted that ConRes' professional services team is in discussions about what its security practice should look like in the next quarter and years out.

Next Steps

Learn how MSSPs benefit from transparency

Tips for protecting your SMB customers against sophisticated cyberattacks

Read about new social engineering techniques

Dig Deeper on Network security products, technologies, services

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

3 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What is your company doing to meet your customers' security needs?
Cancel
“We are going beyond offering a product solution by providing the services needed to detect, analyze and respond quickly so that MSP and Solution Provider partners are truly providing a differentiated service. Given the sophistication and frequency of today’s threats market, it is imperative to have someone closely monitoring your perimeter device activity. With both staffing and cost as continual challenges, there is a big need in the market to provide the detection and analyzation for companies so they are equipped to respond quickly when an attack occurs. This is an important discussion to continue – thank you. Gary Mullen, Vijilan Security”
Cancel
Gary - Security is considered one of the most critical areas for partners in 2015. Very important discussion.
Cancel

-ADS BY GOOGLE

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchDataManagement

SearchBusinessAnalytics

Close