Increased Security Spend: Not "If", but "How Much?"

Increased Security Spend: Not "If", but "How Much?"

By Erik Linask

There isn’t a hotter topic in IT than security – and it will likely remain that way for the foreseeable future. For one thing, it impacts every business out there in some way and, while some hackers target big-ticket business, others aren’t particular and will go after just about anyone.  Secondly, even if you think you’ve got security under control, hackers change the game by creating new attack methods, so businesses and their security providers have to always be on high alert.

The good news for businesses is the cyber security market is teeming with vendors who can help manage security, whether you’re a small, family-owned operation or a large multinational conglomerate.  Naturally, your security requirements will vary based on size and industry, but the need for security solutions is always there.

Nobody wants to be the next data breach news story – it’s bad for business.  So, as a business or IT leader, what’s your best strategy for securing your assets?  Hornetsecurity will be at MSP Expo 2022 in Fort Lauderdale, Florida, so I took some time to touch base with Daniel Blank, the company’s COO, to hear his thoughts on the security landscape, what’s changing, and how MSPs and their clients can increase their chances of avoiding a breach.  Here’s what he had to say.

Is there any recent news from your company you would like to highlight?

Hornetsecurity just announced the acquisition of IT-Seal, a vendor for next generation IT security awareness training and phishing simulation. This new service adds another dimension to our commitment to be the most comprehensive email security, compliance, and backup provider for Microsoft 365, all managed via a single cloud-based control panel.

How have the past two years changed your company?

In the last two years, we observed a massive movement to Microsoft 365 by companies and organizations across the globe – and with it, a dramatic increase in attacks against the platform. Through the ongoing research by our in-house security labs, we have continued to boost the robust, high-performance email security we are known for, placing a special focus on Microsoft 365.

We’ve also identified an increasing need to back up Microsoft 365 data. Customers now are using Teams for both internal and external communication, over and above email. As a result, they need new backup functionality, particularly to back up Teams, including individual conversations and shared files.

We predicted this change in early 2016 and decided to focus on Microsoft 365 security. We fully integrated our services into Microsoft 365 and added further services, like Signature and Disclaimer, Backup for Microsoft 365 and now Security Awareness Training and Phishing Simulation to address these needs.

Hornetsecurity is one of the very few vendors that backs up Teams entirely. Additionally, we back up SharePoint and OneDrive within M365.

What’s changed in the security space? How have attack methods changed and how has the security community adapted?

Attacks have become more sophisticated. For instance, phishing attempts are difficult for end users to identify. The good news is the technologies to mitigate these risks are already there – customers just need to implement them. Security awareness training and phishing simulations are other ways to help customers increase their end users’ awareness and help them become more resilient.

What’s the biggest security challenge businesses face?

Many clients think about potential data loss as a result of a ransomware attack. We still hear many customers who naively believe they are not a worthwhile target for cybercrime – yet it is essential for all organizations to install the right preventive and restorative solutions. Becoming a victim of a cyberattack doesn’t only affect your operations, it may also affect customers and business partners, and prevent you from being able to fulfill your contractual obligations and commitments. If the attacker has extracted sensitive data or prevents you from accessing that data any longer, you must inform your clients and business partners about the incident. This can really harm your reputation and could result in loss of customers.

To what extent has business leaders’ understanding of security changed? Has that been reflected in their investment in/adoption of security solutions?

It’s undeniable that the IT security landscape has changed over the last years. We’ve seen many cases of cyber attack victims in the public domain and situations where organizations completely went offline, having to deal with the consequences of a successful attack for days or even weeks.

Business leaders need to address the way they think about security spending. There is no organization out there that is not heavily dependent on IT. The question is not if I can justify the additional IT security budget, it should instead be: How much I will lose if I do not increase my IT security spending?

Why is it so difficult for businesses to effectively secure their technology environments?

There should be no real difficulty for businesses to effectively secure their IT environment. It is a matter of prioritization. Cloud security services are designed to protect customers in the best possible way and MSPs and MSSPs haven proven that they can make changes seamlessly for customers and support them even beyond, with an SOC so that they can monitor and react to any kind of attacks.

Customers should delegate these tasks to experts like us. We take care of our customers’ IT environment to allow them to focus on their own core business and their customers.

Do MSPs have the expertise to support their clients’ security needs? What do they need in order to support their clients effectively?

MSPs and MSSPs have the know-how and they also screen the market continuously to find reliable vendors and state-of-the-art solutions to best serve customers. MSPs should focus on a few vendors who meet their needs in terms of quality, product offering, reliability, and flexibility. This way, they increase the expertise they can offer and become their customers’ trusted advisor.

Can MSPs take a single-vendor approach to security, or should they work with multiple security partners?

Consolidation is the right approach, but it often needs offerings from different vendors for MSPs to cover all aspects in the best possible way. Microsoft is a great partner in many ways, but the aim behind Microsoft 365 is collaboration and communication, not security and backup. That’s why MSPs need to connect with experts in those areas and add their solutions to M365 as a security layer. Hornetsecurity can take care of these aspects reliably, setting MSPs’ minds at rest.

The same goes for end customers. Should businesses be using multiple security solutions?

Yes. I recommend that customers talk to their trusted advisors to find the best available solutions to meet their challenges and needs.

What’s the biggest security challenge MSPs face?

The security landscape is constantly changing, and it becomes more difficult for MSPs to hire IT security experts. Many MSPs still believe they need to keep the knowledge and expertise in-house to differentiate themselves from their competitors. Finding the right alliances, partnering with a channel-focused vendor, and fighting cybercrime together is probably the most promising and sustainable way to face current and upcoming security challenges in a fast-changing security landscape.

What’s the best way for businesses to approach ransomware and other security threats?

Email is used as an entrance vector in 97% of all attacks, so businesses need to ramp up their defenses. Security awareness training and phishing simulation helps to prevent cyberattacks from being successful.

A comprehensive email security solution that reliably protects you against sophisticated and tailored attacks is key. It is stunning that, despite being the most common attack vector, email still only gets a negligible portion of the overall IT security spend.

Backup completes this stack and allows you to retrieve any information should disaster strike, making your environment even more robust.

Predict, detect, react.

How can MSPs and their clients remain diligent when it seems bad actors are always a step ahead?

Don’t try to find all the cybersecurity answers yourself. Rely on the experts! We are here to help MSPs help their clients. The good news is that, even if it feels like cyber attackers are always a step ahead, together we have the right tools and knowledge to stop them before they can harm your customers.

What’s your approach to security and helping MSPs and their clients keep their data, networks, and applications safe?

With our 365 Total Protection solutions, you get the best comprehensive suite to secure the most used attack vector, email. 365 Total Protection is the only solution on the market to cover all aspects of security, compliance and backup for Microsoft 365.

You can choose from various bundles to suit you or your customers’ business needs, and enjoy state-of-the-art email security that protects against spam, viruses, phishing and ransomware – plus email signatures and disclaimers.

You can also benefit from Advanced Threat Protection (ATP) to defend users against the most sophisticated email attacks, automated email continuity to prevent unexpected downtime and legally compliant email archiving to keep all emails safe and searchable.

You can even opt for backup and recovery for endpoints and Microsoft 365 data in mailboxes, Teams, OneDrive and SharePoint.

365 Total Protection’s tailored integration with Microsoft 365 simplifies the entire user experience: from signup, to setup, to feature and user management. Its central console is a perfect blend of data privacy and ease of use, enabling you to do more and worry less.

What are you hoping to achieve at MSP Expo? Why should attendees make sure they visit your booth?

We are the leading European Provider for Email Cloud Security, Compliance and Backup of Microsoft 365. We are trusted by more than 50,000 customers worldwide, collaborating with more than 5,000 Partners.

Visit our booth, become a Hornetsecurity partner and let’s tackle this challenge together through our robust, reliable, award-winning solutions.

What will you be discussing at MSP Expo? Why should your session be on the list of must-attend sessions at this year’s conference?

Join us for an insightful discussion on how to deal with Ransomware! Hornetsecurity will be discussing these key topics:

  • The current ransomware trend of double and now triple extorsion
  • The US-Russia cyber crackdown honeymoon is over
  • Perfect storm with a heightened regulatory environment
  • The cyber insurance situation – not as easy as it used to be

On January 14, 2022, Russia’s own FSB busted the Revil ransomware gang in Moscow. But, where are we now in the context of open cyberwarfare between Russia and the western world? Things are not looking as good.

We are living a perfect storm with a heightened regulatory environment (GDPR, CPRA, PIPEDA, etc.) and a shortage of InfoSec professionals. The ransom payment may now simply be the appetizer for new non-disclosure penalties. This is an alarming Goldrush for RaaS (ransomware as a service) operators.

Insurers are feeling the heat: Is cyber insurance a solution? Do you know what a breach coach is and why they exist?  

Attend our session to learn more!




Edited by Erik Linask
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

Group Editorial Director

SHARE THIS ARTICLE
Related Articles

Shining a Light on the Dark Web: Searchlight Cyber Debuts Comprehensive Hub

By: Greg Tavarez    3/28/2024

The Dark Web Hub is a one-stop shop for crucial context and continuously updated information on dark web marketplaces, ransomware actors, hacking foru…

Read More

Stellar Cyber and Trellix Bridge the Gap in Security Operations

By: Greg Tavarez    3/28/2024

Stellar Cyber announced the integration with Trellix Endpoint Security HX to allow customers to deploy more robust security solutions and improve thei…

Read More

CyberSaint Raises $21M in Series A Funding to Continue Securing its CyberStrong Customers

By: Alex Passett    3/27/2024

CyberSaint announced that it succeeded in a huge $21 million Series A funding round. This was led by Riverside Acceleration Capital (RAC) with other i…

Read More

US Education Receives Security Upgrade with Free Browser Protection Offered by Conceal, Carahsoft

By: Greg Tavarez    3/27/2024

Conceal and Carahsoft recently unveiled an initiative to fortify the cybersecurity infrastructure of U.S. educational institutions.

Read More

Cato's AI Takes Control of Security and Incident Response

By: Greg Tavarez    3/27/2024

With Cato's recently announced Network Stories for Cato XDR, advanced AI algorithms instantly identify outages in customer networks and conduct root c…

Read More