In a recent conversation with Jessica Ortega, Product Marketing Specialist and Technical Writer at SiteLock, she told us: “Despite what we read about in the news, it’s small businesses, not enterprises, that face the greatest threats to their website security. For MSPs [managed services providers], this presents an opportunity to provide to web hosts a comprehensive website security stack with an educational edge.”
We agree with Jessica Ortega and yet at the same time, we feel that large and even global enterprises can benefit from the educational and outright website security an MSP can offer. The cybersecurity staffing crisis hits the large and small alike; even if your enterprise has a larger IT security team, selecting an MSP to handle a specific issue such as website security can free up your cybersecurity resources to focus on more critical issues.
We had a brief conversation with Jessica Ortega, covering how MSPs can address each facet of website security to provide the most valuable offering to the site hosts, and how each piece benefits the end-website owner. While that conversation focused on the benefits MSPs can offer small to medium-sized businesses (SMBs), enterprises should take note of what MSPs can do for them as well.
Solutions Review: Small businesses often face more targeted attacks to their websites than enterprises but are less prepared. Beyond limited resources, is there any other reason for this?
Jessica Ortega: Websites are the target of a cyberattack an average of 44 times per day. This is extremely alarming when you consider that most small businesses aren’t prepared to defend against today’s increasingly sophisticated threat landscape.
Even more concerning is the common misconception by SMB website owners that a security breach won’t happen to them. In fact, 43 percent of all cybercrimes target SMBs. The reality is that no website is too small to be hacked. Small business owners may also be intimidated by website security, finding it beyond their technical expertise or understanding. Website security does not have to be prohibitively expensive or overly complicated, and MSPs can help overcome these obstacles by offering education and an affordable, comprehensive website security suite.
Solutions Review: What kind of holistic security stack can MSPs provide SMBs in order to give them a better understanding of website security? What should be included?
Jessica Ortega: Traditionally, MSPs have offered a portion of the security stack with a focus on endpoint and operating systems. However, businesses today rely more on their web presence to build their brands, which creates new opportunities for cybercriminals to exploit. As a result, MSPs should offer security solutions to round out their portfolio that protects websites, databases, third-party applications and custom web applications. Adding website and web application security offerings will complement historical endpoint security options and provide the SMB the opportunity to implement a complete security stack.
A recommended website security offering should include the ability to mitigate any existing malware or vulnerabilities and prevent future attacks. For example, a malware scanner that delivers file-based scanning is critical to finding partial malware infections and malicious content on otherwise legitimate files. Traditional outside-in scanners could miss these threats as they only see web visible content. Malware scanners should also have the ability to automatically mitigate and remove found malicious content. In addition, a web application firewall (WAF) aims to stop compromises before they begin. A WAF will filter out suspicious, malicious, and bad bot traffic – stopping cyberattacks before they access vulnerable websites.
Finally, vulnerability scanning will alert website owners to commonly exploited vulnerabilities such as cross-site scripting (XSS) and SQL injection (SQLi). These types of vulnerabilities are often found in outdated content management applications and their plugins. Offering a patching solution for common content management systems (CMS) will address these vulnerabilities before they can be exploited.
Solutions Review: Again, these are solid points on website security for enterprises as well as SMBs. You should consider whether your enterprise can benefit from offloading some of the burdens of website security on your IT security team with an MSP. It might mean a more secure IT environment for you, and more stable digital processes for your enterprise overall.
Thanks to Jessica Ortega for her time and expertise! You can learn more about SiteLock here.
Latest posts by Ben Canner (see all)
- How SIEM Improves Business Incident Response Plans - June 3, 2020
- Revisiting Whether SOAR Will Replace SIEM in Business Cybersecurity - May 29, 2020
- Changing SIEM From Reactive to Proactive with Threat Hunting - May 27, 2020