Cloud 9 Advisers - News #Managed SecurityCloud 9 Advisers - News #Managed Securityhttps://www.cloud9advisers.com/News/tag/managed-securityWed, 25 Feb 2026 13:27:20 -0800http://zoho.com/sites/<![CDATA[SMEs can't keep up]]>https://www.cloud9advisers.com/News/post/smes-can-t-keep-up

Smaller organizations reach security breaking point

From out friends at Computerworld and CSO Magazine

Senior Writer


Jun 12, 20259 mins  (a must read)

Strained budgets, overstretched teams, and a rise in sophisticated threats is leading to plummeting security confidence among SMEs as cybercriminals increasingly target them in supply chain attacks.

Limited budgets, overstretched IT teams, and a rapidly evolving threat landscape mean smaller organizations are approaching a “cybersecurity tipping point.”

The World Economic Forum’s (WEF) Global Cybersecurity Outlook 2025 report noted that “71% of cyber leaders say small organizations have already reached a critical tipping point where they can no longer adequately secure themselves against growing complexity of cyber risks.”

More than a third (35%) of small organizations believe their cyber resilience is inadequate, a proportion that has increased sevenfold since 2022.

By contrast, the share of large organizations reporting insufficient cyber resilience has nearly halved over the same period.

Skills gap leading to deteriorating security outlook

Experts quizzed by CSO said that the rapid adoption of emerging technologies — which comes with the downside of fresh vulnerabilities that cybercriminals can exploit — together with a widening skills gap is contributing to a deteriorating security outlook for small and midsize businesses (SMBs).

“Cyber skills gaps are prevalent in SMBs largely due to a lack of resources and specialized knowledge,” says Tom Exelby, head of cybersecurity at managed security services firm Red Helix. “Many SMBs don’t have dedicated cybersecurity teams, and those in charge of security can lack the confidence to perform even basic cyber tasks.”


Small and medium enteprises (SMEs) that do have budget to hire specialists often struggle to attract and retain skilled professionals due to the lack of variation in the role. Burnout is also a growing issue for the understaffed, underqualified IT teams common in small business.

“With limited resource in the business, employees are often wearing multiple hats and the pressure to manage cybersecurity on top of their regular duties can lead to fatigue, missed threats, and higher turnover,” Exelby says.

WEF’s report estimates that the cyber skills gap has increased by 8%, with two out of three organizations reporting moderate-to-critical skills gaps, including a lack of essential talent and skills to meet their security requirements. WEF’s findings are based on a survey of 321 qualified participants supplemented by 43 one-to-one interviews.


Resource constraints common in smaller businesses make maintaining even basic security posture an uphill struggle.


Steven Wood, director of solution consulting for EMEA at OpenText Cybersecurity, tells CSO: “Implementing and maintaining even basic defenses require strategies at multiple levels — user training, email threat detection, endpoint protection, DNS layer filtering, proper authentication, patch management, event monitoring, backups and drills — which can overwhelm small IT teams with limited budgets and headcount.”

Wood adds: “Given the scope of this list, it can be difficult for organizations to keep up with even baseline best practices for security.”

SMEs targeted by supply chain attacks

SMEs often mistakenly believe that cyber attackers only target larger organizations, but that’s often not the case — particularly because small business partners of larger companies are often deliberately targeted as part of supply chain attacks.

“Threats are becoming more advanced but their resources aren’t keeping pace,” says Kristian Torode, director and co-founder of Crystaline, a specialist in SME cybersecurity. “Many SMEs are still relying on outdated systems or don’t have dedicated security teams in place, making them an easy target.”

Torode adds: “They’re also seen by cybercriminals as an exploitable link in the supply chain, since they often work with larger enterprises.”


“SMEs have traditionally been low-hanging fruit — with limited resources for cybersecurity training, advanced tools, or dedicated security teams,” Adam Casey, director of cybersecurity and CISO at cloud security firm Qodea, tells CSO. “More often than not, cybersecurity is left to overstretched IT departments already juggling multiple responsibilities.”

Training shortcomings and regulatory headaches

Cyber training is another area where smaller firms are falling behind.

“Annual training modules are no longer fit for purpose given the rate of change,” says Dr. Rick Goud, CIO and cofounder of secure email vendor Zivver. “What is needed is more dynamic, context-aware education that is delivered when and where employees are most likely to make mistakes.”


In addition to challenges keeping up with the latest training, the proliferation of regulatory requirements around the world is also adding a significant compliance burden for smaller organizations.

“As regulations like NIS2 and GDPR become stricter, compliance is often left to senior leadership teams who are already juggling multiple roles,” Goud says. “Without a dedicated data protection officer or team, it’s easy for things to fall through the cracks, especially when third-party suppliers are involved.”

Worse, the need to comply with NIS2 in the EMEA region is eating into IT budgets, placing further strain on smaller organizations. Moreover, regulations like NIS2 and DORA are placing even greater pressure on talent markets and skills gaps.


Growing threats

Smaller teams, already struggling with limited cyber skills, are often ill-equipped to manage a growing array of threats. This is contributing to a widening gap in security maturity between larger and smaller organizations.


“Unlike large enterprises, SMEs often lack the budget and specialized personnel to secure a sprawling IT stack, especially as hybrid work and cloud adoption expand their attack surface,” says Robert Phan, CISO at cloud-based directory services firm JumpCloud.

Martin Greenfield, chief executive at Quod Orbis, also sees the shift to cloud and hybrid work environments challenging SMEs at a time when “threat actors have become faster, smarter, and better resourced,” he says.

Moreover, a small business monoculture of similar (cheap) security tools and much the same IT equipment — often set up in default (insecure) configurations — makes it possible for cybercriminals to automate attacks against SMEs at scale, notes Richard Werner, cybersecurity platform lead for Europe at Trend Micro.

As a result, security threats are evolving and growing faster than most SMEs can track let alone remediate. For example:

  • Generative AI is supercharging phishing and BEC social engineering: Attackers are using AI to craft highly personalized, fluent phishing lures — making messages harder to spot and massively increasing overall volume.
  • Ransomware-as-a-service has professionalized: Today’s RaaS platforms offer affiliate dashboards, playbooks, negotiation support, and multi-extortion (combining encryption, data theft, and public shaming), raising both the technical sophistication and reputational pressure on victims.
  • New attack surfaces are rising around cloud and identity: “Poor IAM and exposed remote-access services have driven a surge in cloud-focused ransomware and account-takeover attacks,” according to OpenText Cybersecurity. “In 2024 alone, cloud ransomware incidents spiked as attackers moved beyond endpoints to steal API keys or abuse services like Okta and Azure AD.”

“Security threats are evolving faster than most SMEs can track,” Zivver’s Goud says. “AI-driven phishing, deepfake scams, and automated exploitation are all on the rise, but most organizations do not have the internal capability to monitor or respond to them. That gap is growing and so are the risks.”


Vulnerability surge

Small business IT teams have always struggled to prioritize and triage security problems — a problem that has only grown more acute in recent years as the volume of vulnerabilities has increased.

According to the Verizon Data Breach Investigation Report for 2025, vulnerabilities grew as an attack vector by 180% over the year prior. Looking at the number of software vulnerabilities reported, that number has gone up as well — from 25,059 in 2022 and 28,961 in 2023 to 40,077 in 2024.

“When you are a small team, that number of issues is just impossible to track,” Matt Middleton-Leal, managing director for EMEA at Qualys, tells CSO. “The right approach here is to grade potential issues for severity and then spend time on what matters. This can help every small team have a big business impact.”


Business dynamics also have a part to play in the increasing security problems faced by SMEs.

“SMEs have accelerated digital transformation to remain competitive or simply to stay operational during the pandemic,” Qodea’s Casey points out. “Yet many still lack the internal expertise to properly assess or address the security implications of this shift."

Mitigation

While a wealth of information is available, such as the UK NCSC’s small business security guide, small businesses often find it difficult to find actionable guidance.


During a session at the Infosecurity Europe conference earlier this month, representatives of the CyCOS project explained how they were offering a community-based approach to support small business in becoming more secure.

CyCOS is a collaboration between three UK universities (Nottingham, Queen Mary, and Kent), and is supported by a variety of partners, including the Home Office, National Cyber Security Centre (NCSC), ISC2, the Chartered Institute of Information Security (CIISEC), and three regional Cyber Resilience Centres.

During the panel, Professor Steven Furnell, a CIISEC board member, pointed out that “SMEs have the security guidance but they don’t know how to take it forward by building communities, so that small businesses have someone to talk to apart from consultants.”

Industry experts argue that use of managed security services can help small businesses to become more resilient.

“In the short term, SMBs can solve the problem by partnering with a managed security services provider who can not only better protect them and respond to threats but also advise them away from overinvesting in security tech that they really don’t need,” says Red Helix’s Exelby. “To fix the long-term skills gap issue impacting the entire sector, education is a key alongside greater diversity.”

Automation is another vital security strategy for helping SMBs mind the gaps.

“Most small IT teams can’t manage the constant churn of alerts, patches, and manual controls — that’s why automation is essential,” says Albert Estevez, field CTO at Zero Networks. “By automating segmentation and access control, organizations can reduce risk and contain threats — without needing enterprise-sized security teams.”


Link to original CSO article: https://www.csoonline.com/article/4003892/smaller-organizations-nearing-cybersecurity-breaking-point.html 

Let Cloud 9 introduce you to: 

Get Started Now
]]>Fri, 20 Jun 2025 20:19:37 -0500<![CDATA[Under Constant Attack]]>https://www.cloud9advisers.com/News/post/under-constant-attack

Constant attacks require constant Security

We’re in an environment where our systems are constantly under attack. They're under attack from all sorts of diverse players who are trying to take advantage of the private proprietary information that is available. 


Companies are really focused on compliance ensuring that they are protecting their business value from these types of attacks. Every executive has an obligation to ensure that they are compliant with security. 


What are most companies doing for security? 


Most companies only have basic firewall protection, your basic intrusion prevention (not necessarily intrusion detection), generally just hardware-based. A few others may do just a little more; they may conduct regular scans of their environment. This is really no different than your home having a basic lock and maybe a deadbolt. There is no alarm system like you might have in a home to see and be alerted when intrusions are happening. Being alerted of intrusion is critical in business so that more immediate actions can be taken. Often enough, attacks can be sly and stealthy. Recent studies show that malicious code is embedded on business systems for more than 250 days before it is ever used to promote an actual attack. The reason being so that attackers know their code is also well planted in several layers of business backups as well as active systems. 


How have today’s complex attacks changed systems and the approach to security? 


The attacks are becoming more sophisticated, automated,  and voluminous, so we no longer have the time nor capability to react in a manual way. We actually have to have machine learning and other artificial intelligence technologies to adapt and scan the environment much more rapidly looking for these constant intrusions malicious code, and breeches. These technologies work in tandem with professional cybersecurity teams and Security Operations Centers (SOCs) to constantly manage, monitor, and alert. The trick with alerts is dramatically reducing false positives. Too many alerts are just as futile as too few. 

How much does a cyber attack cost? 


Recent US cyber crime studies show an average measurement of damage from a breach: a 46 day long average resolution at an average of $21k per day, plus regulatory fines, and major customer fallout. These attacks can be highly damaging to any business. Cyber insurance can only go so far and cover so much. Claims can also be denied for a host of often confusing reasons, leaving the business to fit the bill. These newer types of cyber insurance policies have many requirements and stipulations, and with a sense of irony, those requirements are very much cybersecurity technology many of which are security technology related.


Contact us today and let’s evaluate your business security posture.

About Cloud 9

Cloud 9 Advisers is a client-only, client-focused agency and consulting group offering vendor selection and management services to help you solve IT and general technology problems fast. We'll walk you through the identification, research, evaluation, and comparison process, provide board-ready documentation and due diligence, and provide oversight of solution implementation on any of our 250+ vendors, carriers, and service providers. 


Our teams of vendor-neutral security focused engineers will help you slice through the marketing fluff and  industry jargon so you know what you're buying. We'll help you make smart IT investments quickly and confidently. Reach out to us today!

Get Started Now
]]>Wed, 21 Jul 2021 14:59:22 -0500<![CDATA[Case Study: Nonprofit]]>https://www.cloud9advisers.com/News/post/case-study-nonprofit

Nonprofit needed unstoppable Internet and Security

Nonprofit office expansion needed strong security and bulletproof internet. Cloud 9 saved the day!
A long-time Nonprofit client of Cloud 9 Advisers was looking for a budget-conscious solution to improve connectivity as they added new locations across the country and to correct problematic reoccurring outages and “brownouts” they’d been having with their high-speed broadband cable provider. With a handful of critical applications and a lean IT staff, they needed a solution that would streamline their network management and generally improve security. While they had your typical set of security solutions, it was aging and they found themselves managing more than they’d like and didn’t have the staff or the skillset to manage a complex security solution. While they hadn’t had any security incidents, they decided up-to-date services made sense but didn’t want to spend any more than they had in the past. A new and modern managed security solution would be a “nice-to-have” if it fit the budget.


Dual Bandwidth connections


With their two current locations and two more coming on board along the East Coast, they wanted to ensure each site had solid, reliable internet connectivity especially considering their recent experiences. They’d been pushing more apps to the cloud, especially communications and collaboration tools so a high-quality connection was important at each site, but they wanted to avoid the higher costs of Direct Internet Access (DIA) Fiber circuits, if possible. Plus they still had a few highly proprietary database servers running at their headquarters in the Washington, DC area with off-site cloud backups. 


They got lucky at the original two locations, their two largest, and the winning provider was able to find both broadband cable and broadband fiber. The two new locations were going to be smaller satellite locations, so broadband cable and a cheap strong secondary connection were chosen. One site had cable and DSL, the other site had cable and a 4G LTE mobile data-only device. 


Secure Access Service Edge (SASE)


Cloud 9 vendor-neutral engineers realized that dual bandwidth connected to a solid SD-WAN solution would address the customer connectivity requirements by providing rock-solid, bulletproof connectivity (to the point were even if a connection dropped during a VoIP call, the call would stay active) and be able to fully control video and call quality. We also want to address their security "nice-to-haves" as well. 


A real and proper SDWAN solution is arguably the best option for any video and VoIP communication apps, and considerably improved VPN performance.


The customer-selected winning provider included a Secure Access Service Edge (SASE, pronounced sassy)  platform that combined all the benefits of a top SD-WAN, plus was able to replace the customer’s entire security stack and even endpoint protection agents. SASE improves security, boosts network performance, and reduces the number of vendors and devices businesses and IT have to deal with. The winning provider's SASE (security) solution had five key ingredients: SDWAN, Zero-Trust Network Access (ZTNA), Cloud Access Security Broker (CASB), Next-Gen Firewall (NGFW), and Secure Web Gateway (SWG) for devices--and all cloud-based.


As an added and unforeseen bonus especially during the pandemic shutdowns, the SASE solution was able to allow all end-users and devices to authenticate and gain secure access to all the resources both cloud and on-premise, that they are authorized to reach protected by security, located close to them. Once authenticated, the end-users had direct access to those resources, rather than having to be routed to a central location via traditional firewall and VPN. This dramatically reduced latency issues for all users working from home. 


As the Cloud 9 engineering team dug deeper into solutions options the project ballooned and the customer realized they would be able to cover far more than they had originally expected. 

Cloud 9 was able to present and introduce the customer to four top service providers that were able to provide and manage all the internet circuits, even though they we from several different carriers, a far superior security stack with the SASE platform, and fully manage and support  the entire solution. All things considered there was only a minor increase in the total new solution price compared to what the customer was previously spending. However, even better, the customer had originally planned on a 35% increase due to the fact that they knew they wanted dual connections, assumed DIA fiber would be required, and had planned on replacing some of their original security appliances and software. The customer was absolutely thrilled with the entire experience.

About Cloud 9 Advisers

Cloud 9 Advisers helps business leaders make IT buying decisions quickly and confidently. Whether you need impartial advice on the best new tech, or assistance with a project outside your wheelhouse, we have expertise in four critical segments: Cybersecurity, Communications, Connectivity, and Cloud. We work with you to identify, research, evaluate, and compare appropriate solutions and vendors; eliminating months of labor trying to do it on your own.

Get Started Now
]]>Thu, 01 Apr 2021 19:47:36 -0500<![CDATA[Case Study: Restaurant Tech]]>https://www.cloud9advisers.com/News/post/case-study-restaurant-tech

Restaurant needs Multi-location Internet and Managed WiFi

Enable WiFi Networks to Attract Customers


A nationwide chain of fast-causal restaurants approached Cloud 9 in the midst of executing a growth strategy that involved opening numerous additional locations on or near college campuses nationwide. As they looked to carry out their plan, they understood that providing reliable, free WiFi in their restaurants was an important way to attract customers.


Using their existing arrangement, adding new branches to the network or increasing bandwidth at a location was going to be costly and time consuming.  With locations spread across the entire United States, there would simply be too many carriers, contracts and individual projects to efficiently manage. The customer needed an affordable solution for internet connectivity that could deliver WiFi service at hundreds of locations across the country. Additionally, the customer was looking for outside expertise to help them manage each of these network components as a whole. As their current Internet contracts came due at individual locations, the customer needed a partner with the ability to cover all their locations and effectively project manage the volume. With locations throughout the continental U.S., there wasn’t a single provider that could meet their needs in each region.


Customized Solution


The client reached out to Cloud 9 Advisers to help develop a winning solution and then to identify, research, evaluate, and compare suitable vendors that could service all 274 client locations. 


Cloud 9 was able to introduce the client to several possible candidate vendors that could provide a customized solution for each location that took into support, service availability, and overall value. 


The clients hadn’t even considered seeking out a vendor that could not only deliver internet to each location but also manage each locations WiFi. The winning provider ultimately provided a solution that resulted in a combination of broadband cable and broadband fiber with SDWAN and a DSL backup connection at each site. Since the provider also had other managed services offerings the client chose to include Managed WiFi and security as well. The vendors team and Cloud 9 engineering used their overall knowledge of the telecom landscape to provide a specific location-by-location approach.


Dedicated Resources Empowered to React


As the project continued, inevitable challenges arose that threatened to significantly delay service deployment.  While these situations are typical and, to an extent, expected in wide-scale deployments, Cloud 9 and the winning telecom and managed services provider was uniquely suited to shift gears to avoid significant delays.  For example, several locations required a build. With dedicated vendor resources keeping a close eye on the project, the vendors project management and implementation teams could quickly move to another underlying provider. Being able to see the different options across vendors at any given location and understand the implications of one over another helped the customer avoid costly builds and unnecessary delays.


All Locations Covered


The customer has, to-date, turned up Internet access at over 200 of its 274 locations. For this customer, partnering with Cloud 9 to find the right vendor has meant not being tied to a single carrier’s network assets and not having to manage multiple suppliers. Instead, they receive the most efficient and cost-effective solution on a case-by-case basis. At the same time, they still benefit from a single provider who can assist them in deploying, managing, and supporting every location and the entire network. Add to that a team of dedicated resources to design, deliver and support the service, the experience has exceeded the customer’s expectations – delivering simplicity, flexibility and value.


In the end, the customer increased their bandwidth at each of their restaurant locations while delivering more value to their customers via a better WiFi experience, all while reducing their expected costs, IT resources, and having a single call for support. Through this experience, the customer has gained tremendous confidence in Cloud 9 Advisers and the winning vendor.



About Cloud 9 Advisers

Cloud 9 Advisers helps business leaders make technology buying decisions confidently and quickly. We also work with understaffed IT teams who are embarking on projects outside their wheelhouse. We are impartial, unbiased, and vendor-neutral technology practitioners with expertise in four critical segments: Cybersecurity, Communications, Connectivity, and Cloud. We do not sell solutions, we help you buy the right solutions. We are not a vendor, we help you find the right vendors. We’ll help you quickly identify, research, evaluate, and compare appropriate solutions and vendors; eliminating months of labor trying to do it on your own.

Get Started Now
]]>Wed, 17 Mar 2021 20:24:00 -0500