B2B Tech Talk with Ingram Micro
B2B Tech Talk with Ingram Micro

Episode · 1 week ago

State of small business security in 2022


Fortinet recently released a new report about the state of small business security that breaks down areas of top concern and best practices for combating cyber threats. 

In a special As the Gears Turn edition, Devaughn Bittle and Patrick Cash speak with Joel Boyd , Director of SMB Solutions at Fortinet , about: 

- The rationale behind the new SMB report 

- Cyber insurance

- Fortinet’s product portfolio 

Email Ingram Micro’s Fortinet team or visit Fortinet for more information. 

To join the discussion, follow us on Twitter @IngramTechSol #B2BTechTalk 

Listen to this episode and more like it by subscribing to B2B Tech Talk on Spotify , Apple Podcasts , or Stitcher . Or, tune in on our website .

You're listening to beb tech talk with Ingram micro the place to learn about new technology and technological advances before they become mainstream. This podcast is sponsored by Ingram micros imagine next. It's not about the destination, it's about going someplace you never thought possible. Go to imagine next, Dot Ingram microcom to find out more. Let's get into it. Patrick, how are you so? That's a nice new microphone you've got there. Well, you know, one of these days, hopefully, we're going to end up with a video format and I will put this away so that everybody can see your set up first and then understand where I'm coming from with this microphone, because again, I'm I'm still trying to catch up, a year and a half later, to you know your studio. So I'm happy to see the upgrade. It looks good, it sounds good too. It works great. It doubles as a hat rack, and then I've got some laundry hanging from the boom that you can't see. So it's that's like the workout equipment I have at home too. So Hey, yet another fantastic episode. As the gear's turn on TAP, today we're going to be talking with Joel Boyd. He's the director of S and B solutions and marketing with for net. Joel, thanks so much for joining us today. For Nett's been a long time sponsor the S and be alliance and we definitely appreciate you, guys, your partnership, support to the community and and let's let's jump in. Awesome. Thanks, guys. Happy to be here. Yeah, great to have you. So, Joel, tell us a little bit about you and your role at Fort and sure. So, like I said, I'm the director of SB solutions and marketing. So I always like to joke around. What the heck does that mean in English? So, in English, my job at Fort Net is to really have my fingers on the pulse of what's happening in the small business industry and segment, what folks are really looking to accomplish and kind of helping you angelize. Hey, here's how Fort Net can really help you, which is important because I think nowadays a lot of folks think abus is this Big Enterprise Company and folks forget that we actually started in small business market, really helping those types of folks. So working with MSP's and we still do a ton of that it's just we don't get as much of the focus and marketing. So my job is kind of keep keep that that going in alive. So you guys for net, you guys recently published a new report titled the State of Small Business Security Two thousand and twenty two. And obviously you know in our industry and really across the Board This Day and age, you know, securities a hot topic for everybody and in your report you kind of start to a discussion around top areas of concern and one of the key areas, and we kind of wanted to touch on it today, was social engineering and how that kind of creates some security gaps. And so let's talk about that, let's Talk Abou Up, you know, the report as a whole and you know,...

...maybe some other areas that would be good to hit on. Sure. So the reason we did the report is I had I'd been working with enterprise companies for a while and I've recently come to the small business side, probably the past few years, and what really frankly annoyed me is any time I would read a security report or anything like that about the S and B market, you'd only see reports that said all companies less than a thousand people and I'm like, you kidding me? You're telling me a ten person company or a twenty person company completely the same as a thousand people like you. Come on, man. So what we've really set out to do for the past year across all our stuff is to really understand those micro differences as businesses are growing, whether you're a ten person company a fifty person company. So anytime we're doing this kind of research, we make sure that we've segmented that information in that way so folks can understand. Great, here's where I am now and here's what I should do for a best practice, and then here's where I expect you be in the next year or two years. Let me not make the same mistakes that all my predecessors and peers in the industry have done. So I really wanted to kind of come out to market with something like that that explain, hey, here we're different things debating on depending on different sizes, and then kind of just get into is like do we agree, do we disagree? What's really the best practice? Like you mentioned a whole social engineering thing. That was part of our you know, if you had an attack, how do you think it got it and, like you mentioned, regardless of how big the company was. Everyone's really worried about social engineering and solen credentials, but the reality is actually that those things are fairly minor compared to the other things that people could have picked from, like your own filtery and content filtering, email protection, because that's really the mechanism that books that attackers are using to get things like ransomware another malicious things into that site. Yeah, the social engineering is good, but really just trying to point you to a website or do a thing. And now a lot of that stuff can actually be protected just by good security awareness, to factor authentication, things like that. So it's very interesting. The importance of cybersecurity has significantly increased from last year. You mentioned that in the same report. and seeing as we're focusing on the SMB market, I want to quickly chat about how targeted these businesses are are for a security incidence or attacks. Could you talk a little bit on on that and what you think I mean? We're getting this. I can speak for Patrick and and myself. We're getting this from our customers. As far as or people really targeting me or you know my just you know the one they found today and that's you know, I was the lucky number that popped up. You seek that a little bit. I could talk about that for a lot of it. So the good news is that myth and the number of people who believe in the small business market. Oh, I'm not going to get hit by anything. It is drinking. That's the good news. And I say that because what's really change, and...

I would say probably in over the past five years, but this has been happening for a while, is don't even think about business technology. Just think of technology overall. Everything is becoming so much easier to get your hands on. It done. Doesn't even matter how smart you are, how experience you are with things. Whole point of technologies to make it more consumerized and easier to use. So a lot of small businesses, even really really small businesses, are turning to this new technology in order to grow their business. They want to, you know, access to more customers. They want to do better marketing. So in order to do better marketing you have to have better connections to understand where people are going. Long story short is they're consuming a ton more stuff, they're buying a ton more tech. But the flip side of that is. It also really increases that businesses in what we like to say the attack surface, and what that attack surface does is it gives hackers a much bigger area that they can start doing reconnaistance scanning from vulnerabilities in order to try and get things in. Additionally, you know, it's not only the good guys who have the new technology, it's a bad guys too. So all that cool stuff that we like to talk about in security, about artificial intelligience and machine learning and speed of response, yeah, they got it too. So they're able to really run these attacks at a much faster clip, with much faster and higher conversion rates, and because of that they're starting to target people a lot easier down market and because of that huge technology boom that we're seeing the small business, you know, that's also in roads into bigger customers or bigger partners and whatnot for that hacker. And Yeah, so that's that's really what comes down to. And one of the things that we ask is, like the court, like hey, you know, did you get hit? That was question one, and the question kind of follow up with that was, if you didn't get hit, how sure you use that you didn't get hit. And, as you would expect, a lot of folks said that yes, I got hit, with varying rankings of based on how big the business was, but a significant number also said, yeah, I'm a little ski you know, I don't think I got hit, but I'm pretty skeptical. And you know, if you do a broad stroke of that, if you look across the entire segment that we did the research for, roughly seventy percent, if you just kind of push it all together, seventy percent of businesses, regardless of size, typically had at least one security incident. And by security incident, where we could, you know, attribute that to a fishing email that somebody clicked. One could be could can be considered a security incident? I assuming that report. Yeah, and that's and I intentionally said security incident when we did the report, because it can really whether or not you got hit by a terrible attack, that doesn't necessarily mean that you have a compliance issue. Compliance issues are also significant security instance,...

...where somebody maybe got access to something they shouldn't have. So that counts to because if you do have something like that, guess what, you probably got to find that you got to pay later on too, right well, and you know, as we're talking about some of these incidences, and it's a very common conversation these days as well, driving down into the SMB space, even those five and ten person companies, cyber insurance. And you know, while, for to net's not providing cyber insurance, a lot of the products that you guys do offer from a security standpoint can help bridge the gap to make sure, you know, a company is compliant to their policy requirements or and as well, just kind of, you know, helping prevent it from happening and begin with. But you know, there's a there's a lot of vagueness and you know, it's like, Oh, I'm just going to go out and sign up for Cyber Insurance and pay, you know, a premium and I'll be fine. And then it's like, well, you weren't doing anything to make sure that you were getting there. And so let's talk about you know, and this in the report there's some of this discussion. You let's talk about that a little bit so that, you know, we can kind of educate not only ourselves but, you know, our customers as well. Yeah, really glad to bring up the cyber insurance thing. That's that definitely as becoming this bigger and bigger, bigger thing, because I think exactly, I'm going to say the myth again that you just put out there. Cool, I'm going to sign up for Cyber Insurance and I'm good. I don't have to do a thing. And for anybody WHO's trying to get a big insurance claim on anything, regardless of the CYBERSCAR or something else, usually doesn't work that way, does it? Now you try and get that claiming, the insurance company starts coming to knock. It's like cool, what did you do to actually even safeguard yourself from this bad thing happening in the first place? In cyber security, you know, sadly, I have to say, is probably one of the more complex insurances when it comes to it, because that insurance company is going to be looking at a lot of different things, and I'm just going to leave it at that, and because each company does things differently. So my biggest part of advice is read that fine print, make sure you understand what the rulling to pay and what those circumstances are and generally speaking, the more cyber security that you can put into your organization, the more that you are actually doing due diligence on your end, the less you're going to have to pay, even for your premiums. You know, I think it is an insurance model. The safer you are, the less you pay. That's kind of how it works. So I'll leave it at that. So Jo'll also in that same document which, by the way, you're going to have to tell us where, where listeners can find this report. So as part of your answer this question, why don't you tell us about that as well? But in that the security report, you mentioned that partners help, but most businesses do most of the work, and you expand on that part of it. Yeah, so let me first you know, for those of you kind of wondering where do I get this magical thing that theiryone's talking about, honestly, the easiest thing to just go to Google,...

...type in fortnits state of small business security and it'll pop up. Now, yeah, the partner question, I actually was really surprised about the answer. I was expecting the partner piece when it came to and the question was how much do you rely on partners to implement in maintain your security solutions? We actually also had a questions like hey, how much of partner's involved in your decision process, that answer was pretty high a lot of folks, regardless of whether or not the partner came to the shortlist or they came to the shortlist, the partner interaction with what do you pick to use was very high. But yeah, I was surprised, generally speaking, kind of, when I looked across the board on aggregate it was roughly thirty percent of the time, give or take. That's about how much partners were doing the implementation and maintenance. Regards of company size, you know, five hundred, two hundred, one hundred fifty, and I think a lot of that points to again this myth that small business folks don't know anything about security, they they haven't done anything before, and that's really not the case. You go to indeedcom type in, you know, cyber security or item manager and look at companies that are in the small business kind of size and you'll see people they've been doing this for ten years, fifteen years, whatnot. The only differences they don't have the access to the resources or they don't have as many people as a large organization. So I think folks really still like having that can control and, as I mentioned, because small businesses are advancing their technology a lot faster, they're doing a lot more mature things, which means they're doing more custom and typically that partner model begins to break once businesses have gotten to a certain size where the doing a lot of custom stuff and the Partners Response Times can't scale. That's that's usually what people tell us, you know, when they've decaid. It's like, yeah, we're going to try and bring this all in house. Is it's the response times, it's the ability to really get that custom template and design that the business wants that the partner maybe not, may not have the scale to do. That's when folks start, you know, breaking away. But what was that? If I recall, actually the the larger companies used partners more so, and I think it's just because at that point there are systems have become a lot more complex and they just need to help. Yeah, I found that part interesting actually, that the larger ones in your report tend to use partners for security more so than the small ones. Yeah, let me talk. I want to talk. Actually, there was another trend in the report that I thought was really interesting. That kind of fallow the same way and it gets back into the incidence you would expet. So what I expected to see was that we would see a high prevalence of security incidence in the smaller sizes and as this is has got bigger, that number would drop. That did not happen. What happened is we saw that there is an uptick in the small you know, kind of just kept on going up and then start going down a little bit in that...

...that hundred to two hundred person company, and then it pop right back up. And I was talking to my vp of global threat intelligence the other day about this and this phenomenon and I had a theory and he validated it. Is Basically what's happening is small businesses again, remember, they've got a much bigger attack surface but still not nearly the attack surface in complexity that their larger conom parts have. So even though they've the smaller businesses have less access to high end mature technology, which, by the way, they do have access, they just maybe don't know about it or maybe they don't have as many people. That smaller, less complex world that they're managing is actually easier, so they don't have as many incidents. What we see, and what you saw this come up constantly in the report is I've got challenges with policy management, misconfigurations, consistent security policies. That was like the number one thing that's holding, you know, strong security back behind budgets. And what we saw is that his business is got bigger, even though they have theoretically better technology, more people. The business had taken an approach of a whole bunch of different security vendors, whole bunch of different stuff that didn't work together. Now of a sudden they've got to manage all that and they can't. It's too complex and so they actually end up getting hit a lot more. There was a previous report that we did late in two thousand and twenty one called avoiding complexity, and then the very last question we added asking that report was know, in hindsight, if you could do something differently, what would you have done? And the larger businesses, thousand people, one Thousan five hundred. You know, if you could do something differently, what would you have done? Sixty one percent of the folks US market, roughly three hundred to four hundred people we serve right in that one sixty one percent of those businesses said I wish I'd gone with a single vendor solution. Now you look at the smaller companies, you ask that same question. What were they doing? I need to hire more people, I need to, you know, do more vendors. I need more I'm like, and you literally see and that you'll see the same thing that come out in the seed of small business, where you see the exact same trend. At the being it's like, I can't manage all these different vendors, it's too complex. So what are you doing next year? In Two Thousand and twenty two? I'm buying more security vendors. I'm adding on more stuff, like, come on there. Yeah, the old adage of there's you know, no such thing is too much of a good thing. Yes, sometimes can be much of a good thing. Try, and I mean I don't blame folks, you know. So when I was super, Super Young, I used to work for Dood and like. So I understand where this whole you know, defense and depth strategy came from. And I'll stop myself by going to academic and history less than this one. But the longest story short is technology wasn't as good as it is now. You know, I will say that our ability to defend against attacks I will say I think it's getting better than what the attackers can throw at us. Now the attackers are also starting to change your entire paradigm. They're...

...starting to try and insert their technology into the hardware and software to begin with, because they know that's becoming harder. But the point is, twenty years ago that wasn't the case. You did need a lot of different vendors to do stuff. Nowadays you've got some big, pretty secure, pretty hard global security vendors weren't at being, you know, the number one one. We can do this and it's actually better in the long running, easier to manage than doing a whole bunch of different point products than use cases. You don't have to take my word for it. Read that, read all the reports. You'll see it come out. So we've been talking a lot, you know, kind of around the report and a lot of the research and documentation that's been provided. We haven't really talked much about, for Tonet and the huge stack of services that you guys do have to offer, and so you know I mean we've got firewall switches, apiece, you know, software, all these security components that you know as an smb are great deployable as a reseller and a partner. You know, how do we get started before in that to engage and, you know, kind of get rolling with a lot of the thing to fix a lot of the things that we're talking about today? Yeah, yeah, so, yes, I mean, fort fortnet's known for a couple things really, really, really well. First and foremost, YOU'RE gonna get a lot of bang for your buck with fortnet. You know, that's one of those things. And everyone can go to Linkedin see where I've been a bit of a handful of security vendors over the years. Very happy where I am now, and it's because we really have taken this organic approach so that everything is integrated, and in order to do that it's taking a lot of work, but it's obviously you know, and that enabled us to get where we are now. But that breadth and portfolio is pretty large and we do so because we want to make sure if folks do have access to the solutions they need when they need them, almost kind of a modular type approach. So if you're a partner reseller and you're like man, how do I get you know what, jump on the ship, go to partner portal, Dot Fort Netcom. So again, Partner Portal Dot Fort Netcom, and you can sign up to be a partner pretty easily. And the good news is we realized, because our whole mission is to secure data, people and privacy wherever somebody may be easier said than done. And when the number one ways you have to do that as you have to educate the world on what matters, what doesn't and what the best practices are. So we offer all that training for free, whether you're a partner or you're a prospect or a customer, it doesn't matter. We've got that out. We when covid hit, we let all that stuff be free. So you're going to see that kind of NDEC type training and in fact we actually even Incentiveie, our partners. You can earn almost four thousand bucks by getting into those NDEC three and four level training. So the more you want to learn about our stuff, man, the more will pay you. Very cool. So, Joe, one question we ask all of our guests will baby tech talk as the gears turn. Addition is, when you think of technology as a whole, where do you see it going within the next year? And this doesn't have to be secure. Here you can be anything you want from a technology standpoint.

Did you? Did you see his face, Devan? He's like, oh my gosh, where they headed of this question? Well, it was more like it's like well, I feel bad because I've done to have a bit of a cookie cutter and I wish I had a life more so. My wife definitely does, because but I did. I love what I do. I'm I'm a marketer through and through and I love being in cybersecurity and small business market. Is You just blowing up so fast? And I'll just keep on, you know, Harping back. Why is it growing up so fast? Because technology is becoming so much easier to consume in use. So I will focus on the security space because I mean there's a classic example. All holiday last year I was hanging out with a whole bunch of my nieces and nephews, so like ten, twelve years old, and I think they were used playing minecraft or roblocks or whatnot. And sure enough, you know, the kind of got a slip screen going and I see a whole bunch of scripts going over and I'm like what you doing there, buddy, and it's like, Oh, I'm like doing all these codes and stuff and he's like going around killing everybody. He can't be hitting everything like that. I'm like, Huh, where did you learn how to do that? We're going off youtube, like okay, cool, he was exploiting the program and hedn't even know what it was. He's ten years old, he's running exploits. I'm like that's awesome. You know, crazy. That's really where it is. You know, anybody with kids knows that technology he's coming easier and easier to get to and we just got to manage it. Totally agree. Yeah, it's great answer and yeah, we talk about it a lot and I think you know, offline, you know, these are really common discussions and themes about, you know, being able to hand your phone two or three year old and just watch them hack your bank account, order whatever of the Amazon, and it's just it's absolutely I mean these kids are mean, they're growing up in this world. I mean it's not like, and I always tell no, even when I'm talking to my own people about, hey, how what's the best way to talk to folks, whatnot, I tell them is like hey, look, as you know, ask yourself, how old is this person I'm talking to you in the especially in the small business. These are brand new companies. The owners of these companies, like I'm almost forty years old. They're a lot younger than I am. They know their cloud first, they know what they know all this stuff. They've been doing it right, right. Yeah, yeah, well, Joel thinks for carving out part of your day to sit down and chat with us a little bit. Happy to you know. We've covered a ton of information and there's a even larger ton, two tons more. I don't know how you know what. We'll come back to that. I can keeps growing. There's a lot more out there, and so where can people not only find out more about you, but also more about for Tonet in general? I don't think anybody cares about me, but that's nice of you to say. But if you want to hear the good arns in find the good research and what we're doing, go to Fort Netcom and you'll see on the website. I know you think it's enterprise. It's not. There is a small business section. Go ahead and Click on that section. You'll open up the world of small business. You'll see a whole bunch of different lateral information, a cross network security...

...and point security clouds, all the common jargon, you'll say. You'll find all that stuff there. Great with thanks for tuning into another episode of as the gears turn on B Tob Tech talk with Ingram micro. You've been listening to be tob tech talk with Ingram micro. This episode was sponsored by Ingram Micros imagine next. Bb Tech Talk is a joint production with sweet fish media and angrim micro. Ingram micro production handled by Laura Burton and Christine Fan. To not miss an episode, subscribe today on your favorite podcast platform.

In-Stream Audio Search


Search across all episodes within this podcast

Episodes (395)