
Why Small and Medium-Sized Businesses Shouldn't Build Their Own SOC

When smaller firms are hit by a cyberattack, the cost can be devastating.
 
One out of four businesses with 50 or fewer employees reports paying at least $10,000 to resolve an attack. And for organizations with fewer than 500 employees, insider incidents alone cost an average of $7.68 million, according to the Ponemon Institute's 2020 Cost of Insider Threats report.

Why Cyberattackers Target SMBs

Small and medium businesses (SMBs) are an attractive target for cybercriminals because they often have neither the financial resources nor the in-house expertise to build a robust security strategy. Most SMBs lack the resources to build and run a security operations center (SOC), and are ill equipped to implement, manage, and maintain a security information and event management (SIEM) solution.
 
As a result, many smaller organizations turn their attention to managed security service providers (MSSPs). While this may be more economical, it isn't necessarily the right strategy.
 
Small and medium-sized businesses are subject to security incidents just as much as larger businesses. In fact, more than a quarter of the victims of confirmed data breaches in 2020 were small businesses.
 

Notable Small Business Cyberattacks

  • TrueFire, an online guitar-lesson company in Florida, had customer payment card and other data compromised in a data-skimming attack. As a result, the company became subject to a class-action lawsuit, which it has agreed to settle.
  • The popular stock-photography website 123RF, based in Singapore, suffered a data breach that exposed the records of 8.3 million subscribers. The database of stolen records was then offered for sale on the dark web.
  • New York card payments processor Paay left a database exposed on the internet, with an estimated 2.5 million card records affected. Human error was to blame for this security incident, and it’s a leading factor in compromises far too often.
  • Massachusetts-based alcohol-delivery service Drizly had as many as 2.5 million customer accounts stolen by a hacker. A seller claiming to have account data freshly hacked from the company offered it on the dark web for $14 per account.
  • Dynasplint Systems, a Maryland manufacturer of medical equipment, was the victim of a cyberattack that exposed the data of 102,800 individuals. The incident, which the company described as "an encryption attack," also disrupted operations, preventing employees from accessing computer systems.

Why SOCs are Typically out of Reach for SMBs

The security operations center (SOC) has long played a critical role in cybersecurity. With rapidly evolving threats and cybercriminals using ever-more sophisticated techniques, a SOC has become essential.
 
Smaller enterprises need a SOC, but most likely can't afford to build and staff one. The average cost of just one Tier 1 SOC analyst was $110,610 in 2020, according to the Second Annual Study on the Economics of Security Operations Centers from Ponemon Institute. And you won't get far with just one SOC analyst; you need several to staff even a small SOC around the clock. On top of that, companies spend more than $2.7 million annually on SOC security engineering, plus more than $500,000 on SIEM and security orchestration, automation and response (SOAR) systems.
 
The capital costs of a SOC, however, are not the only challenge. Ponemon reports that four out of five organizations feel that managing a SOC is complex. Finding the right talent compounds the frustration: 64% of organizations report a cybersecurity talent shortage.
 
Small businesses, especially those in heavily regulated industries, must have a thorough understanding of a cyberthreat's lifecycle so they can effectively manage IT risk in their organization and respond appropriately to intrusions. But they can't build their way out of the cybersecurity hole. Relying on external expertise and solutions is their best option, but they need to know what to buy and whom to buy it from.

Outsourcing Your SOC

A SOC identifies cyberthreats in real time using log data analysis from myriad data sources within the organization. This up-to-the-second analysis of log data is essential to maintain a strong security posture. The set-it-and-forget-it solutions of old have long been obsolete, as modern business networks need constant monitoring in order to protect their assets.
 
While some SMBs look to managed security services providers for SOC management and capabilities, that isn't always a wise choice. Many MSSPs focus narrowly on niche services such as encryption, multi-factor authentication, and identity and access management, rather than on end-to-end detection and response.
 
For a more holistic security strategy, small-business leaders should consider working with a managed provider of security operations solutions that can deliver robust, comprehensive threat detection via a cloud-native security operations platform.
 

What a Managed SOC Should Do

Filter Out the Vast Majority of False Alarms

Among organizations that suffer from cybersecurity fatigue, 93% report that they see more than 5,000 alerts every day. The managed SOC provider's platform needs to not only collect, enrich, and analyze data from a broad range of sources, but also use multiple detection engines and human analysts to eliminate false positives.

Supply Threat Intelligence Reports

Cyberthreats are dynamic and cybercriminals constantly evolve their tactics, techniques, and procedures. Correlating events with multiple threat intelligence sources—both commercial and open-source feeds—provides critical context for analysts.
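The two requirements above (filtering alert noise, and correlating events with threat intelligence) are easier to picture with a concrete pipeline. The following Python sketch is an added example, not code from the original article or from Arctic Wolf: it collects a handful of constructed sshd-style log lines, correlates them into per-source findings, enriches each finding with a hypothetical threat-intel feed, and suppresses a hypothetical allowlisted internal scanner so that only one of ten raw events reaches an analyst. The indicator feed, allowlist, thresholds and log lines are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (sshd-style); not real data. Addresses are
# from the RFC 5737 documentation ranges.
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z host-a sshd: Failed password for root from 203.0.113.10 port 51000
2024-03-01T10:00:03Z host-a sshd: Failed password for admin from 203.0.113.10 port 51002
2024-03-01T10:00:05Z host-b sshd: Failed password for root from 203.0.113.10 port 51010
2024-03-01T10:00:07Z host-b sshd: Failed password for root from 203.0.113.10 port 51011
2024-03-01T10:00:09Z host-b sshd: Accepted password for root from 203.0.113.10 port 51012
2024-03-01T10:05:00Z host-c sshd: Failed password for backup from 198.51.100.7 port 40000
2024-03-01T10:05:02Z host-c sshd: Failed password for backup from 198.51.100.7 port 40001
2024-03-01T10:05:04Z host-c sshd: Failed password for backup from 198.51.100.7 port 40002
2024-03-01T10:05:06Z host-c sshd: Failed password for backup from 198.51.100.7 port 40003
2024-03-01T10:09:00Z host-a sshd: Failed password for alice from 192.0.2.50 port 60000
"""

# Hypothetical threat-intel feed (indicator -> source tag) and allowlist
# (known-benign source -> reason); in a real SOC these come from commercial
# and open-source feeds and from the customer's own environment.
THREAT_INTEL = {"203.0.113.10": "osint-bruteforce-list"}
ALLOWLIST = {"198.51.100.7": "internal-vuln-scanner"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+$"
)
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "suppressed": 3}


def parse(text):
    """Collect: turn raw lines into structured events; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(e)
    return events


def triage(events, threshold=3, window=timedelta(minutes=5)):
    """Correlate, enrich and suppress.

    One finding per source IP that produced `threshold` or more failures inside
    `window`. Severity rises when the burst is followed by a successful login
    (likely credential compromise) and when the source is on the intel feed;
    allowlisted sources are kept for the record but marked suppressed.
    """
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    findings = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["outcome"] == "Failed"]
        # Sliding window: any run of `threshold` consecutive failures within `window`.
        burst = any(
            failures[i + threshold - 1]["ts"] - failures[i]["ts"] <= window
            for i in range(len(failures) - threshold + 1)
        )
        if not burst:
            continue  # a lone failed login is normal user behaviour, not an alert
        finding = {
            "src": src,
            "hosts": sorted({e["host"] for e in failures}),
            "failures": len(failures),
            "intel": THREAT_INTEL.get(src),  # enrichment
        }
        if src in ALLOWLIST:
            finding.update(severity="suppressed", reason=ALLOWLIST[src])
        else:
            first = failures[0]["ts"]
            compromised = any(e["outcome"] == "Accepted" and e["ts"] > first for e in evs)
            score = 1 + int(compromised) + int(finding["intel"] is not None)
            finding["severity"] = {1: "medium", 2: "high", 3: "critical"}[score]
            finding["reason"] = "burst then successful login" if compromised else "burst only"
        findings.append(finding)

    findings.sort(key=lambda f: SEVERITY_RANK[f["severity"]])
    return findings


def actionable(findings):
    """What actually gets handed to a human analyst."""
    return [f for f in findings if f["severity"] != "suppressed"]


if __name__ == "__main__":
    events = parse(SAMPLE_LOGS)
    findings = triage(events)
    print(f"{len(events)} raw events -> {len(findings)} findings, "
          f"{len(actionable(findings))} needing an analyst")
    for f in findings:
        print(f)
```

Run as written, the ten raw events collapse to two findings, and only the one for 203.0.113.10 (a failure burst across two hosts, followed by a successful root login, from an address on the intel list) is rated critical and reaches an analyst; the scanner's burst is recorded but suppressed, and the single failure from 192.0.2.50 never becomes an alert at all. The allowlist and the success-after-burst check are exactly the kind of customer-specific rule the later "Provide Customized Options" section asks for.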

Guarantee Threat Lifecycle Visibility

It's not enough to catch the threat "in the moment." If your managed SOC vendor doesn't have visibility into the entire lifecycle (where the threat came from, which systems it interacted with, and so on) there's no guarantee the threat was eradicated.

Provide Customized Options

Many providers have a prescribed list of technologies they support, but that doesn't help you leverage your existing IT investments. The provider should be able to monitor a broad range of log sources, and create custom rules for your unique environment.

Remediate Threats

Some MSSPs have limited threat remediation capabilities, leaving the heavy lifting to their customers. But when a threat is detected, every minute counts. It's imperative that the vendor offers fast, proactive incident investigation, along with remediation and the ability to validate that the threat has been neutralized.
 
These are all essential components of a bona fide SOC. While you may not have the budget to orchestrate these functions in-house, there's no excuse for outsourcing to an MSSP that can't handle what’s outlined above.
 
To gain a 360-degree view of their security environment and protect themselves against today's threats, SMBs need to work with a managed detection and response (MDR) and managed risk partner who can provide a highly trained team of experts 24x7. By investing in security operations, you can preempt the unique sources of risk your organization is facing and create an incident response plan that works for you.
 
From here, it becomes easy to identify what additional services and solutions you may need to protect your digital assets.

Where SMBs Can Find Cybersecurity Help

Small and medium-sized enterprises can no longer afford to ignore cybersecurity. Being prepared to identify and respond to threats is essential for remaining competitive. In fact, it can even be a matter of survival.
 
For organizations that don't have adequate resources for in-house SOC operations, a managed security operations solution offers a cost-effective alternative. This option eliminates the need to invest millions of dollars in a SOC, plus it provides access to highly trained security experts that monitor your organization’s cybersecurity 24x7.
 
Learn how Arctic Wolf can keep your small or medium-sized business secure around the clock—and help you mitigate cybersecurity risk.
