Friday, April 19, 2024

BLOG | How managed service providers are well-placed to protect SMEs

Small- and medium-sized enterprises (SMEs) are increasingly storing more valuable customer and financial data, creating a new playing field for cybercriminals to attack them almost as frequently as larger companies.

Unfortunately, SMEs’ budgetary constraints and lack of internal expertise make it difficult for them to implement comparable defenses. Yet the financial impact and reputational damage of an attack can be particularly devastating to a small business, especially with the average cost of a data breach for smaller organizations rising more than 13% to $3.31 million this year.

No matter how you slice it, cyber preparedness has never been more critical for SMEs. Managed service providers (MSPs) must help their customers become incident-ready through proactive and actionable incident response planning.

Support Through IRP

SMEs often relegate incident response planning—and, in some cases, cybersecurity in general—to the back burner due to a lack of time and resources. But with the threat landscape intensifying and the average ransom payment doubling, a comprehensive incident response plan (IRP) is now a must for protecting your customers’ security posture and bottom lines.

By taking a thoughtful and tailored approach that addresses your SMB customers’ needs and resource constraints, you can ensure they are equipped to respond effectively to attacks. Here are five ways to do that:

  1. Assess Customers’ Preparedness.

If you haven’t discussed IRP with your customers, it’s time to start a conversation. Speak with each of your customers to assess their current plans. Do they have an IRP in place? If so, when was it last updated? Have you reviewed the plan? Asking these questions determines the next step: refining a customer’s current IRP or starting from scratch.

  2. Assist in Creating an Actionable Plan.

If a customer lacks a comprehensive and up-to-date IRP, CISA offers advice and guidance you can leverage as a starting point. For instance, CISA recommends that organizations select a security program manager to create their written IRP, which should include actions to take before, during, and after a security incident. Ask customers to appoint this individual, who also can serve as your point of contact regarding the IRP.

As you offer guidance in drafting the plan, consider the following: Does it outline specific roles and responsibilities so employees know what to do during an incident? Is the plan straightforward, actionable, and tailored to the organization’s risks and resources? Additionally, ensure the IRP is available to all organization members and review it as a group.

  3. Facilitate Tabletop Exercises.

Encourage customers to host tabletop exercises (TTXs)—simulated cybersecurity incidents designed to test an organization’s ability to respond to a real-world attack—with you as a facilitator. These exercises are scalable, making them an effective way to test your customers’ IRPs, no matter their headcount.

To facilitate TTXs, you can develop scenarios or leverage CISA resources offering practice exercises and discussion questions. Encourage participants to think out loud, have the organization’s physical IRP on hand, and take note of any gaps. After each exercise, hold retrospectives and work with the customer to refine their plan, ensuring it reflects their resource availability and evolving threats.

  4. Fill in Customer Security Chasms with Third-party Services.

You may uncover gaps in customers’ defenses where both you and the customer lack resources to address a given issue — especially in an environment that requires around-the-clock threat monitoring. Many MSPs turn to third-party cybersecurity providers to complement their services in these cases.

While services like managed detection and response (MDR) have upfront costs, they equip customers with a dedicated team of experts to navigate dynamic threats, helping decrease their likelihood of falling victim to costly data breaches. Some cybersecurity providers also offer incident response retainers that let experts quickly engage with active threats, investigate them, and remediate them. Collaborate with customers to assess their security needs and provide insights to guide strategic investments in third-party services.

  5. Promote a Culture of Security.

While helping customers build their IRP, don’t overlook day-to-day security hygiene. Instead, help establish and promote a security-first culture through education and training, such as phishing training, to lay the foundation for an effective IRP. Ensure customers have adequate defenses, like multi-factor authentication (MFA) and strong password policies. Even the most thorough IRP can’t rectify human error or lax security practices.

Build SMB Resilience By Being Proactive

The increasing overlap between the technologies and infrastructure used by SMEs and large enterprises means their attack surfaces have more in common than ever.

But while facing the same sophisticated threats as large enterprises, your SMB customers lack the depth of resources and expertise needed to prevent and mitigate the resulting attacks.

Through comprehensive incident response planning tailored to your customers’ resource availability and risk exposure, you can ensure they are prepared to act before, during, and after a cyberattack.

The author is the vice president of global MSP & cloud alliances for Sophos.
