Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementSecurity & Business Resilience

Today's top three challenges hindering SMB cybersecurity

By Bharath Vasudevan
Mobile small business checkout
January 12, 2022

To say that 2021 has been a unique year for security is an understatement. While security leaders are hopefully close to having the pandemic under control in their organizations, ransomware is on the rise, the cost of a breach is increasing and many small- and medium-sized enterprises are being forced to put security front and center.

Complicating matters is the need to balance reopening the office and incenting workers who have been remote for two years to return. The world has changed, the “old way of doing things” will no longer suffice and the new “norm” means organizations don’t have the luxury to ignore security any longer. Security has made its way to the top of the priority list and it’s not going anywhere. However, the reality is that building out their security strategies will present obstacles and challenges. Let’s take a closer look at what security challenges small- and mid-sized organizations can expect throughout the rest of 2022 and how to address them.

Challenge: Talent

Talented employees are hard to find, and the good ones continue to get more expensive to retain. Everyone has had talented employees resign because they were given significant salary increases and better titles by the next employer. This begins the uphill battle of finding comparable talent within budget and with no impact to commitments made to the leadership team.

Talent predictions for 2022

Security and information technology (IT) organizations everywhere are faced with similar challenges and are forced to make some difficult choices: Should organizations pay agencies to help find talent? Should they pay for talent they’ve sourced themselves and deal with the fallout later? Do they hold out to find the right candidate at the right price, even if it takes months? Do they train their employees internally only to have them leave in a year for that better title and higher pay?

This forces a focus on the outcomes. For security leaders, the objective is to reduce the likelihood of a successful cyberattack, or in the worst case, mitigate a successful attack before the organization suffers real damage. To do that effectively, security teams need the right resources to get it done. A recent study by (ISC)2 reported organizations would need to grow their security workforce by 65% to effectively defend critical assets. For small and midsize enterprises, this is not a realistic solution. Looking externally may be the best approach to achieving these desired outcomes. Leveraging third-party managed security services (MSS) and managed detection and response (MDR) vendors may be able to help supply the talent that an organization is unable to source.

Challenge: Budget

While IT budgets are under pressure thanks to the rash of cybercriminals making the headlines, cybersecurity is getting some much-needed board-level exposure. Ransomware gangs are taking their proceeds and re-investing it in their criminal enterprises, essentially upskilling themselves. As a result, the visibility of cybercrime has resulted in an increased prioritization of cybersecurity initiatives, and cybersecurity budgets are being preserved and expanding accordingly.

The challenge facing most security organizations is the need to figure out what investments yield the best returns and identifying where those cyber dollars should be spent. The adversaries are constantly evolving and improving and, unfortunately, there is no silver bullet. When pressed, most security leaders don’t feel as though they are more secure this year than last. The past decade of spending confirms that the current strategies are either not working or aren’t enough. Can an organization accept the business risk of partial protection? For most of us, that answer is “No” — so what does that actually mean?

2022 budgeting outlook

It is no secret that a security strategy built solely on best-of-breed prevention tools is insufficient. To achieve an optimal security posture, balancing investments across prevention to handle known threats and broader detection to address unknown threats is imperative. When talking to mid-market organizations, many are in the process of making this journey, and the easiest entry into understanding detection starts with the endpoint solution.

Endpoint detection and response (EDR) tools have been a tremendous improvement over legacy A/V tools, and the explosive growth of the EDR market certainly backs that up.  Over the last year, there has been a rise in the adoption of XDR tools, which extend visibility beyond the endpoint. The right detection strategy certainly leverages these concepts, but only protecting a portion of the potential threat vectors is not enough. The biggest problem is the false sense of security this could provide.

While deploying security tools such as EDR and XDR may improve an organization’s posture, tools alone won’t solve the bigger problem for most small and mid-size enterprises. Consider these two scenarios:

  1. What good are tools if an organization is unable to hire, train and manage the staff to take advantage of them?
  2. What if the staff a small- or medium-sized organization already have are too overwhelmed to absorb yet another tool?

Instituting the right balance of people, processes and tools based on organizational capabilities will yield more actionable outcomes.

There will always be tools offered to solve every single problem out there, but each requires dedicated talent and resources to evaluate, manage and maintain them — something that most organizations cannot afford. This is where a managed approach can stretch dollars and allow security teams to focus precious resources on tasks that are more critical and/or that add value to an organization.

Challenge: Changing environments

This is certainly not a new problem, and it speaks to the lack of processes developed between the IT and Security teams. Over the last two years, the stakes have gotten a lot higher. With the commoditization of ransomware, bad actors can attack targets with greater ease and get paid via untraceable cryptocurrencies, and it takes more time to identify and contain a breach. The constant mainstream headlines only embolden the adversaries.

Addressing environmental change in 2022

Ransomware will still be a problem in 2022 and beyond. With comprised credentials and misconfiguration serving as some of the most frequent attack vectors for cybercriminals, it’s no wonder ransomware continues to be a concern. Not surprisingly, in 2021, the frequency of ransomware attacks doubled from the previous year, according to the 2021 Verizon DBIR Executive Report.

Traditionally, patching has been the tried and tested method to proactively minimize vulnerabilities. This one is tough because patching has been a concern for a very long time, yet organizations still struggle to get it right. Even when alerted to active exploits happening in similar environments, users may remain unable to address their exposures. The process of patching was just too challenging.

It's easy to over-rotate to people and tools, however, the proper way to address this is via a three-step process:

  1. Maintain a proactive patching program
  2. Augment the program with a reactive emergency patching protocol
  3. Implement a comprehensive detection and response program to catch threats that evade the defenses 

Many MDR vendors are building automated response capabilities. Addressing configuration issues and vulnerabilities has not historically been considered a core responsibility or capability for automated response. Response actions are typically triggered to address breaches and incidents. Security and IT teams have an opportunity to leverage response actions to service emergency patching. During active exploits, seconds do matter, and organizations do not have the luxury to wait until the next patching window. Leveraging existing instrumentation, complete with the requisite integrations, greatly simplifies that task. Many organizations may still not want to have fully-automated response actions, even in an emergency situation, but having a human-guided response option with a manual approval step could certainly address that concern. 

This is the single biggest area for improvement that will yield the quickest results, yet it’s the one that is most often neglected because of the difficulty in coordinating between departments (process challenge) or the lack of sufficient resources to get it done (people and tools challenge). The process challenge of misalignment between teams can be attributed to shift in stakeholders. Historically, IT has called the shots when it comes to patching, but over the last few years, security has increasingly had a seat at the table and, in some cases, are now responsible for calling the shots on traditional IT processes. From a people and tools perspective, it’s important to note that organizations don’t have to do it alone. This is where MSS (patching) and MDR partnerships can provide the cost-effective option.

There are three big challenges facing organizations in 2022: Securing and retaining talent, paying for security and keeping up with changes to the environment. The common theme that cuts across all three of these is that, excluding the largest of large enterprises, it’s very difficult to manage all of this without help. Maximizing returns requires some out-of-the-box thinking. Take a step back and ask the critical question: Do your organization have the talent, budget and resources to effectively manage security at the scale your organization requires? If not, then it’s worth taking a closer look at managed services.

MSS and MDR solve different problems. Choosing what to outsource will help identify the right vendors to approach. MSS is suited for the management of existing tools (managed firewalls) and performance of dedicated tasks (like penetration testing), while MDR is suited to those looking for a more comprehensive detection and response approach to their security posture. The right MDR combines pre- and post-breach detection across hybrid and multi-cloud environments to not only reduce the likelihood of an attack, but to also reduce the impact of one. With the right combination of platform, threat intelligence and expertise organizations can effectively achieve their desired business outcomes.

KEYWORDS: cyber security budget cyber threat cybercrime endpoint security managed detection and response (MDR) ransomware small and medium business (SMB) security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Bharath Vasudevan is Vice President of Product Marketing at Alert Logic.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cloud-enews

    Top Challenges When Securing Cloud Services Today

    See More
  • SEC-2022_Top-Cyber_1170x658-enter.jpg

    LAST CALL: Nominations for Top Cybersecurity Leaders close today

    See More
  • artificial intelligence

    Three top-of-mind cybersecurity trends in 2022

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing