A trip to any major cybersecurity conference reveals vendors promoting the latest, cutting-edge cybersecurity solutions, and many people willing to pay top dollar for them. But a closer look shows that the average user, and even some small businesses, are being left behind.
The majority of cybersecurity tools are created for the industry itself, which only exacerbates the cybersecurity skills shortage that’s been going on for years. Many of these solutions are so complex that a cybersecurity staff needs years of experience and expertise to operate them. Small businesses are at a significant disadvantage here, which only increases their security risk. The expertise required also creates a higher barrier to entry for cybersecurity jobs. It’s similar to a drugstore offering only prescription medications when most customers need over-the-counter (OTC) options.
Over-the-Counter Cybersecurity Solutions Explained
An over-the-counter (OTC) cybersecurity solution is one that’s easy to operate and affordable, much like taking aspirin for a headache. It should meet these three qualifications:
- The solution should be suitable for a person without a cybersecurity background to implement.
- It should be easy to set up on your device.
- If a threat is detected, it’s easy to address it and stay safe without requiring a background in cybersecurity.
The reality is that small businesses are just as affected by cyber attacks as large corporations, but they don’t have the staff or the need to implement a comprehensive cybersecurity solution. The tools available are too complex for their skill level or too expensive for their budgets. There’s a growing gap in the cybersecurity market. Basic products need to be accessible to those who are not experts.
Let's examine what would be required to offer the majority of users an easy-to-operate defensive security solution: an OTC cyber tool.
What Does Over-the-Counter Cybersecurity Look Like?
Cybersecurity incidents have become as common as a headache. Yet, most small businesses assume they have to go the route of the doctor to alleviate these security pain points. The reality is, those options are more expensive, require more management and take longer to start working. That can lead to a small business neglecting the issue or spending far more than they should to prevent future breaches.
What they need instead is an OTC cybersecurity option. One that’s simple to use and readily available, like taking two aspirin. It should cover exactly what you need covered, and you should be able to demo, trial and pay for it on your own. OTC security is easy to access, deploy and manage on your own.
Here are three questions to ask to determine whether a solution is OTC or prescription-strength:
- Is this solution suitable for a non-techie family member or friend?
- Is the level of skill you need to set up your device sufficient to set up the solution you want to put it on?
- If a threat is detected, can you address it and stay safe without knowing much about cybersecurity?
If you can say “Yes” to all three questions, then the solution you’re considering is OTC.
Finding a Balance in Cybersecurity Solutions
It’s not that these OTC solutions can replace prescription ones across the board; it’s a matter of balance.
Most vendors target organizations with a CISO and a robust security strategy, not the local small businesses or individuals who have experienced a data breach. These “prescription” tools, while effective, typically take over 12 months to realize a return on investment and include advanced features that might be out of scope for a small business’ maturity.
As a result, SMBs seeking a solution end up investing in a complex tool meant for a security operations center (SOC), when they have a one-person team that needs a much simpler configuration to match both their skill level and the organization’s security goals.
There’s the axiom that you need to get the basics down first and then expand your cybersecurity program. If that’s true, where are all the solutions that cover the basics (things like early detection and response, strong authentication products, and simple practices that are kept current) ) that you don’t need an advanced degree to use?
That’s why the idea of OTC security is so compelling. You don’t need to be an expert. You just follow the instructions and enjoy a safe and effective cure for your security ills. This type of easy-to-use security solution could also be helpful to value-added resellers (VARS) and managed service providers (MSPs), who could offer this alternative in addition to more sophisticated solutions.
How OTC Cybersecurity Solutions Can Help Small Businesses
Over time, you begin to spot patterns in the cybersecurity industry. One of these patterns is the over-prescribing of solutions that small and mid-sized businesses don’t actually need and can’t really afford or manage. It’s time to end dependency on experts and the cyber skills shortage with a novel idea: Offer solutions that don’t require cybersecurity expertise to manage.
Cybersecurity vendors should note this need and develop options that smaller companies can afford and operate effectively. Meanwhile, organizations can ask themselves the above questions to help them find an OTC solution that will keep their environment secure and their bottom line intact.
