TD Synnex Beyond Security: SMB and Midmarket Heavily Targeted by Threat Actors
SMB and midmarket businesses still think they're too small to be targeted by cybercriminals.
![SMB and midmarket, Microsoft cyber attack SMB and midmarket, Microsoft cyber attack](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt744c5c0d8c95f3e8/6523f8fff2a4c5142239a824/Cyberattacks.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock/Dubo
The direction of the conversation with SMB and midmarket organizations is what are things that could be done to mitigate cyber risk that they’re not doing, said TD Synnex‘s Ed Morales.
“And then it’s obviously helping our partners understand that in this segment, this a need that needs to be addressed at some point,” he said. “So either they provide it or provide a managed service. But yeah, that’s the intent. So they’re not even doing the rudimentary elements to protect themselves.”
As cyber insurance becomes more prevalent, SMB and midmarket organizations will be forced to improve their cybersecurity posture, Morales said. And this is where partners can help.
“If you’re able to provide a service, for example, that’s more of an annuity as opposed to a hard sell where they have to go out and hire the resources and buy all the products, then it becomes something much more reasonable for them,” he said. “And it’s maybe just education. Part of it is just awareness. I think a lot of them lack awareness of what they’re doing and how they’re exposing themselves. And in some cases, cloud providers are actually starting to implement some requirements in order to have access to their cloud, especially when there’s some liability if they get breached.”
One encouraging sign is there seems to be growing knowledge in SMB and midmarket that they have to do something to protect themselves because it’s not only the big companies that are being breached, Morales said.
“It’s just awareness and continued enablement,” he said. “The vendors are now starting to pay attention to this lower-serviced segment. The technologies are easily adaptable, it’s just the pricing schemes and the channel. This is where the channel comes into play because … the vendors can’t scale at the levels they need to get to that level of segment. And even the partners need help because they don’t have the resources in house to be able to deliver that. This is where the companies like TD Synnex with our services, and our capability and the enablement, can help actually accelerate that skill into that market.”
Also during Beyond Security, members of TD Synnex‘s product business management team addressed latest cybersecurity trends that are becoming more prevalent in the market.
Augie Staab, manager of product business management, said managing networking is a problem TD Synnex is trying to solve with resellers.
“There is a major gap with skills … to be able to maintain and manage network,” she said. “So network automation is top right off the bat. There’s also artificial intelligence (AI), how threat actors are using it … so it’s using AI to put protocols in place.”
There’s also the thousands of unsecure devices that have been put on an organization’s network with the return to office, leading to network overload, Staab said.
“Talk to your customers, they may need a refresh,” she said. “This is something that’s going to become prevalent.”
Lauren McAuliffe, manager of product business management in security and networking, said zero trust and secure access service edge (SASE) are two big trends.
“The underlying trend is reducing complexity, simplifying management, reducing complexity of policy management,” she said. “That’s what SASE is. We’re looking to reduce any gap that’s caused by complexity. Secondly, attacks are becoming more frequent and sophisticated.”
The third trend is increasing regulation and compliance, McAuliffe said. It’s important for resellers to become more knowledgeable about new and upcoming regulations to help their customers stay in compliance.
“Always be looking for that opportunity to become a consultant and advisor,” she said. “That’s what creates stickiness. Also, opportunities to simplify. Are we constantly having that conversation that’s a little more proactive than reactive.”
Grant Chapman, manager of business development, said he’s excited about app security, in particular how containers and microservices are key drivers there.
“Containers are an undeniable means of efficiency in terms of deploying and improvement apps, and their adoption has been almost ubiquitous and keeps going,” he said. “And security concerns maybe weren’t necessarily as apparent, but they certainly are now and they have impact on the access base.”
App security and container security eventually will become interchangeable security, Chapman said.
Gary Armstrong, owner of Minnkota Consulting, a TD Synnex reseller partner based in Minnesota, said he attended Beyond Security because he wanted to get some insight on new services or products provided by different vendors, and to see if “there’s gaps in my business that I can fill with help from TD Synnex.
Armstrong said he’s “just getting started” in his cybersecurity journey and is looking forward to working with TD Synnex and finding the products that will fit his needs and his clients’ needs. He’s taking from the conference a “new outlook on where security needs to go in terms of maybe AI and just different products to cover those needs.”
“I already have a lot of things in place, but I always want to make sure that I’m at the forefront of security and staying on top of things and hopefully ahead of hackers and different things like that,” he said.
Sylvester Tate, president/CEO of Tate Computer Systems, a TD Synnex reseller partner based in Tennessee, said he came to Beyond Security with an open mind, “looking to gain knowledge because we are spinning up a cybersecurity department within our organization.”
“I just came to see all the different options that we have so I can take it back to my team and we can explore them further,” he said. “And whichever one we decide on, we will start to train on that particular vertical. We do some now, but not to the extent where we want it to be.”
TD Synnex has a lot of resources available so it’s a matter of taking advantage of those resources, Tate said.
“There’s a lot of great vendors here,” he said. “Some of them we’re already partners with and some we will be partnering with, and we learned a lot of good things like Symantec. They have a $30-a-year, per-seat bundle. I didn’t know that. So there’s those kind of things and that’ll be great for the small businesses that can afford it. A lot of small companies cannot afford a lot of the things. A lot of this is enterprise based. But of course, cybersecurity is a big threat across the board with any organization, company or even a personal user.”
Dan Driezen, security manager at E.S. Williams, a TD Synnex reseller partner based in Alberta, Canada, said he came to Beyond Security with questions on expanding his portfolio, and how his organization can better use the channel and existing partners to develop its own security practice.
“We’re about two years into our official security practice,” he said. “Before that, of course, security has always been something we’ve had to do, but for about two years now we’ve been really dedicating that. And so we use channel partners like TD Synnex and the vendors to put those solutions together. And then I package those up and deliver them to the clients. So it really becomes more of an aggregation point of different solutions.”
There’s increasing challenges when it comes to cybersecurity, Driezen said.
“It’s like every week our team is dealing with a compromised email account or a ransomware attempt, or something like that,” he said. “There’s so many different ways that they can come at you, especially after COVID-19. We get so many different vectors. People are working from everywhere, different technologies, and we have to be aware of it as well. In the media, you’re always hearing about something, and so our clients are asking us why didn’t you tell us? So that’s one of the other things that we want to get out of this, more sources of information so we can deliver that and really be that one source to our clients.”
Dan Driezen, security manager at E.S. Williams, a TD Synnex reseller partner based in Alberta, Canada, said he came to Beyond Security with questions on expanding his portfolio, and how his organization can better use the channel and existing partners to develop its own security practice.
“We’re about two years into our official security practice,” he said. “Before that, of course, security has always been something we’ve had to do, but for about two years now we’ve been really dedicating that. And so we use channel partners like TD Synnex and the vendors to put those solutions together. And then I package those up and deliver them to the clients. So it really becomes more of an aggregation point of different solutions.”
There’s increasing challenges when it comes to cybersecurity, Driezen said.
“It’s like every week our team is dealing with a compromised email account or a ransomware attempt, or something like that,” he said. “There’s so many different ways that they can come at you, especially after COVID-19. We get so many different vectors. People are working from everywhere, different technologies, and we have to be aware of it as well. In the media, you’re always hearing about something, and so our clients are asking us why didn’t you tell us? So that’s one of the other things that we want to get out of this, more sources of information so we can deliver that and really be that one source to our clients.”
There’s been an “astounding” increase in cyberattacks targeting the SMB and midmarket segments, and they need partners now more than ever to help them stay secure.
TD Synnex’s Ed Morales
That’s according to Ed Morales, TD Synnex’s global vice president of security and high-growth technologies business development. On Day 2 of TD Synnex Beyond Security 2023, he gave a keynote on the accelerating threat to SMB and midmarket businesses.
“The cost it takes these small firms to recover from a breach is $2.2 million,” he said. “And usually about 60% of these companies that get breached are going to be basically out of business in six months. And the scary thing is half of them don’t even know that they’re that exposed.”
A recent McKinsey report assessed the scope of the market in the SMB and midmarket space. It projected $1.5 trillion to $2 trillion in addressable market.
“So that means there’s obviously a large group of these customers out there that are not really doing anything and their security posture is low,” Morales said. “And what’s important really for the overall segment is if you can go back to some of the the classic [cyberattack] case studies, Danske Bank or Target, the way they were entered was through these smaller entities with whom they were partnered. So they got breached and, in turn, these larger entities got breached. So that’s how a lot of this is a much more broader concern. It’s not just a smaller market segment. It actually has an enterprise implication as well.”
SMB and Midmarket Organizations Not Concerned Enough
SMB and midmarket organizations think they’re not targets because “they think they’re too small,” Morales said.
“They’re a small entity, but they’re the prime targets because they’re the entry point,” he said. “Now, everything is so digitally connected. They’re the entry point to something else.”
The cybersecurity skills shortage also is playing a role in SMB and midmarket businesses coming up short when it comes to cybersecurity, Morales said.
“They can’t afford to have these sort of resources and on staff,” he said. “It takes a lot of time and effort to do risk assessments. So they don’t just don’t have the infrastructure to be able to support that. So that’s part of it.”
It may also be something as simple as turning on basic features like multifactor authentication (MFA), Morales said.
“With one of our larger hyperscalers, there’s been a large breach of their customer base based on them turning off MFA in their environments,” he said. “So there’s some rudimentary things that can take place, but it’s just they don’t believe they’re a target. And I think that’s the vulnerability. They just think it’s going to happen to somebody else.”
Scroll through out slideshow for more from Day 2 of TD Synnex Beyond Security.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like