Sign In

SMEs overwhelmed and unprepared in the cyber abyss

Small and medium-sized businesses are lacking the time, expertise and capability to deal with an ever-evolving threat landscape, which threatens to bring down their operations at any time

The democratisation of sophisticated cloud and collaboration tools has meant SMEs can compete globally with major enterprises which have much bigger budgets. Where the large variation in resources does clearly expose itself, however, is in the area of cybersecurity.
If SMEs are competing on an even keel with large enterprises, it means they are also as much of a target to cybercriminals, or at least can be equally affected by vast supply chain attacks, such as last year’s devastating SolarWinds hack. Yet they are nowhere near as able to commit the big sums required for the cutting-edge cyber tools that the vendor ecosystem claims they need.

This has left three-quarters of SMEs feeling they lack the capability and expertise to withstand a cybersecurity attack, a recent study by Arctic Wolf found. The report underlines the extent of the challenge facing SMEs, with 39% overwhelmed by the sheer volume of security alerts they receive. Many get up to 75 alerts a day, according to the research, leading to ‘alert fatigue’.

“SMEs are in an uneven playing field,” says Ian McShane, field CTO at Arctic Wolf, a leader in security operations. “Not everyone has the multi-million-pound budget to afford all of the latest cybersecurity technology. But these smaller organisations are too often used as the embarrassing case studies by vendors. It’s frustrating when so called ‘lessons to be learned’ boil down to ‘don’t be like these idiots who couldn’t afford it’. Vendors have a lot to answer for here.

“There has been this massive explosion in recent years in the sheer number of buzzwords, tools, products, platforms and security vendors. The number of solutions that companies are being convinced they need to invest in is pretty incredible. If organisations are using 10, 20, even 30 security products on average then there are a whole lot of things that can go wrong.”

The human element is critical to getting cybersecurity right. If you don’t measure it, it’s not managed.. Nobody wants to experience the huge cost and inconvenience of a ransomware attack

In the hype-fuelled cyber industry, it can often be forgotten that the threat landscape cannot be dealt with by technology alone. People and process are just as important, but this is also where the resource gap is exposed. Simply finding time to manage cybersecurity is a key problem for many SMEs, the Arctic Wolf research discovered, leaving them even more vulnerable to attack.

Over half of the business leaders surveyed by Arctic Wolf admitted cybersecurity issues are regularly deprioritised in favour of other business activity, while 34% said they don’t have time to keep across every threat or alert. Those that fall victim to cyber attacks not only suffer short-term financial and operational impacts, but also long-term impacts on trust and reputation.

Even when companies do have the resources to invest in people, they are met by a cybersecurity skills shortage. There were 3.12 million unfilled cybersecurity-related roles globally last year, according to research by (ISC)². The shortage only exacerbates the resource gap even further, pushing up the expected salaries demanded by highly in-demand cyber talent.

“This isn’t an industry that will be replaced by AI. People and process play a huge role” says McShane. “The human element is critical to getting cybersecurity right. If you don’t measure it, it’s not managed. If you lack the talent, whether through lack of investment or availability, ultimately you’re playing security by chance instead of security by choice. You’re hoping luck will prevail. Nobody wants to experience the huge cost and inconvenience of a ransomware attack.”

Through outsourced security operations, Arctic Wolf helps thousands of companies end cyber risk by identifying, responding to and recovering from threats. The Arctic Wolf cloud-native platform is the industry’s only solution that spans the complete security operations framework, including managed detection and response (MDR), managed risk, managed cloud monitoring and managed security awareness, delivered by the industry’s original Concierge Security Team.

Arctic Wolf is now expanding its operations into the EMEA market, establishing a European headquarters in the UK with further plans to open a European Security Operations Center in Germany later this year while growing its presence in the Nordics and the Benelux regions. The global expansion comes after the company doubled its North American sales for an eighth consecutive year and secured a further $150m Series F financing round, valuing the business at $4.3bn.

“We’re bringing the expertise, knowledge and context to help organisations do more with the people they have,” says McShane. “Importantly, we’re not trying to replace people – we augment what they do. And similarly, we’re not trying to tell companies they need to buy more tools, platforms or products. All organisations have, at their disposal right now, enough security tools to improve their security posture, but they just need the assistance to be able to operationalise it. Arctic Wolf does that operationalisation at scale, and at a speed which is orders of magnitude faster than companies can do on their own, if indeed they can do it at all.”

That scale is partly delivered via Arctic Wolf’s cloud-hosted platform, which does most of the heavy-lifting analysis. But there is also the human element, removing the worst elements of cybersecurity from the company’s ownership into Arctic Wolf’s ownership. By embedding their expertise within businesses on a day-to-day basis, Arctic Wolf’s team understands not just the IT infrastructure of its customers but exactly how their company works, giving SMEs both the time and peace of mind to get on with running their business. This eliminates the burden of alert fatigue as well as drastically reducing the impact of a cybersecurity incident when it does occur.

“Ransomware is just going to get worse, and over the next year or so it’s going to be a real wake-up call for almost every organisation,” McShane adds. “Even if they are doing something now, every company needs to do more. Security isn’t something that has a silver bullet. It’s not something you can buy away. It’s an ongoing journey; something that needs continual investment, measurement and management. We want to be that security partner for as many customers as possible and remove that unfair advantage that large organisations with big budgets and 24/7 IT staff have. We want to bring those advanced capabilities to everyone.”

For more information, visit

Sponsored by

Arctic Wolf