In the past, large enterprises were cybercriminals’ primary focus. However, this is no longer the case with Small and Midsize Enterprises (SMEs) accounting for nearly half of all attacks in 2023.
SMEs store valuable data similar to their larger counterparts, but budgetary constraints and a lack of internal expertise make it difficult for smaller organisations to implement comparable defenses. Yet the financial impact and reputational damage of an attack can be particularly devastating to a small business — for instance, the average cost of a data breach in ASEAN countries, including Singapore, reached an all-time high of US$3.05 million in 2023 – a 6% increase year-on-year.
No matter how you slice it, cyber preparedness has never been more critical for SMEs. And it’s up to managed service providers (MSPs) to help their customers become incident-ready through proactive and actionable incident response planning.
Support Through IRP
SMEs often relegate incident response planning (IRP) — and cybersecurity in general — to the backburner due to a lack of time and resources. But with the threat landscape intensifying and the average ransom doubling, a comprehensive incident response plan now is a must for preserving MSP customers’ cybersecurity hygiene as well as their bottom lines.
Taking a thoughtful and tailored approach that addresses SME customers’ needs and resource constraints can help ensure they are equipped to respond to attacks effectively. Here are five ways to do that:
- Assess customers’ preparedness.
If you haven’t discussed IRP with your customers, it’s time to start a conversation. Speak with each of your customers to assess their current plans. Do they have an IRP? If so, when was it last updated? Have you reviewed the plan? Asking these questions can help determine next steps, whether it’s refining a customer’s current IRP or starting from scratch.
- Help create an actionable plan.
If a customer lacks a comprehensive and up-to-date IRP, the Cyber Security Agency (CSA) of Singapore offers Cybersecurity Toolkits for enterprise leaders and SME owners, including leveraging Incident Response Playbooks as guides for an action plan. These IRP recommendations are structured around the IPDRR (Identify, Protect, Detect, Response, Recover) framework developed by the U.S. National Institute of Standards and Technology (NIST), and are intended to guide organisations in preparedness, response, and recovery to cyber incidents.
As you subsequently offer guidance in drafting your customers’ IRP, consider the following: Does it outline specific roles and responsibilities, so employees know what to do in the event of an incident? Is the plan straightforward, actionable, and tailored to the organisation’s risks and resources? Additionally, make sure the IRP is available to all members of the organisation and review it as a group.
- Facilitate tabletop exercises.
Encourage customers to host tabletop exercises (TTXs) — simulated cybersecurity incidents designed to test an organisation’s ability to respond to a real-world attack — with you as a facilitator. These exercises are scalable, making them an effective way to put your customers’ IRPs to the test, no matter their size.
To facilitate TTXs, you can either develop your own scenarios or leverage CSA resources. The CSA recommends planning thoroughly, and then rehearsing these exercises proactively, as it is key to containing future incidents and limiting damage and disruption to business operations.
Encourage participants to think out loud, have the organisation’s physical IRP on hand, and take note of any gaps. After each exercise, hold retrospectives and work with the customer to refine their plan, ensuring it reflects their resource availability and evolving threats.
- Fill in customer security chasms with third-party services.
You may uncover gaps in customers’ defenses where both you and the customer lack resources to address a given issue — especially in an environment that requires around-the-clock threat monitoring. In these cases, many MSPs turn to third-party cybersecurity providers to complement their services.
While services like managed detection and response (MDR) have upfront costs, they equip customers with a dedicated team of experts to navigate dynamic threats, helping decrease their likelihood of falling victim to costly data breaches. Some cybersecurity providers also offer incident response retainers that enable experts to quickly jump into active threats, investigate, and remediate them.
Collaborate with customers to assess their specific security needs and provide insights to guide strategic investments in third-party services.
- Promote a culture of security.
While helping customers build their IRP, do not overlook day-to-day security hygiene. Instead, help establish and promote a security-first culture through education and training, such as phishing training, to lay the foundation for an effective IRP. Make sure customers have adequate defenses in place, like multi-factor authentication (MFA) and strong password policies. Even the most thorough IRP can’t rectify human error or lax security practices.
Build SME resilience by being proactive
The increasing overlap between the technology and infrastructure used by SMEs and large enterprises means their attack surfaces have more in common than ever before.
But while facing the same sophisticated threats as large enterprises, SMEs often lack the same depth of resources and expertise to prevent and mitigate attacks.
Through comprehensive incident response planning tailored to your customers’ resource availability and risk exposure, you can make sure they are prepared to act before, during and after a cyberattack.