Happy National Small Business Week1 in the United States! Small and medium businesses (SMBs) are the bedrock of our economy, representing 90 percent of businesses and more than 50 percent of employment worldwide.2 As we celebrate their innovation and contributions this week, it’s important to acknowledge the increased cyber risks they face as they embrace hybrid work and new digital business models, along with the emergence of cyberattacks as a service.
Increased security concerns with the changing SMB landscape
Microsoft surveyed more than 150 small and medium businesses in the United States in April 2022 to better understand the changing SMB security needs.3
More than 70 percent of SMBs said cyberthreats are becoming more of a business risk. With nearly one in four SMBs stating that they had a security breach in the last year, they have reason to be concerned. In fact, there has been a more than 300 percent increase in ransomware attacks, of which more than half were directed at small businesses.4
Despite facing similar risks as enterprises, SMBs often lack access to the right resources and tools. Many SMBs still rely on traditional antivirus solutions for their security. Although 80 percent of SMBs state they have some form of antivirus solution, 93 percent continue to have concerns about the increasing and evolving cyberattacks—with phishing, ransomware, and data protection being top of mind.
What makes SMBs particularly vulnerable is that they often have fewer resources and lack specialized security staff. In fact, less than half of the SMBs surveyed have a dedicated IT security person in-house, and SMBs cite a lack of specialized security staff as their top security risk factor. Sophisticated enterprise security solutions are often prohibitively complex or too expensive—or both.
Delivering on security for all to help protect SMBs
At Microsoft Ignite, we shared our vision for security for all, believing that small and medium businesses should have affordable access to the same level of protection as enterprises. Today, we’re excited to take that vision a step further with the general availability of the standalone version of Microsoft Defender for Business. Defender for Business brings enterprise-grade endpoint security to SMBs, including endpoint detection and response (EDR) capabilities, with the ease of use and the pricing that small business customers and their partners expect.
Microsoft Defender for Business is already included as part of Microsoft 365 Business Premium, our comprehensive security and productivity solution for businesses with up to 300 employees. Customers can now purchase Defender for Business as a standalone solution. Server support will be coming later this year with an add-on solution.
Enterprise-grade security to protect against ransomware and other cyberthreats
To protect against the increasing volume and sophistication of cyberattacks such as ransomware, SMBs need elevated security. Many SMBs still rely on traditional antivirus, which provides only a single layer of protection by matching against signatures to protect against known threats. With Defender for Business, you get multi-layered protection, detection, and response, spanning the five phases of the National Institute of Standards and Technology (NIST) cybersecurity framework—identify, protect, detect, respond, and recover—to protect and remediate against known and unknown threats. Let’s look at the capabilities in detail:
- Threat and vulnerability management helps you to prioritize and focus on the weaknesses that pose the most urgent and highest risk to your business. By discovering, prioritizing, and remediating software vulnerabilities and misconfigurations, you can proactively build a secure foundation for your environment.
- Attack surface reduction options help to minimize your attack surface (like the places that your company is vulnerable to cyberattacks across your devices and applications), leaving bad actors with fewer ways to perform attacks.
- Next-generation protection helps to prevent and protect against threats at your front door with antimalware and antivirus protection—on your devices and in the cloud.
Detect and respond
- Endpoint detection and response provides behavioral-based detection and response alerts so you can identify persistent threats and remove them from your environment.
- Auto-investigation and remediation help to scale your security operations by examining alerts and taking immediate action to resolve attacks for you. By reducing alert volume and remediating threats, Defender for Business allows you to prioritize tasks and focus on more sophisticated threats.
Built for SMBs, easy to use, and cost-effective
We designed Defender for Business keeping the needs of SMBs in mind.
Because IT admins for SMB customers and partners are often juggling many roles at once, we wanted to provide a solution that was easy to set up and could detect and remediate threats automatically so you get time back to focus on running your business. Defender for Business comes with built-in policies to get you up and running quickly. We’ve also included a simplified wizard-based onboarding for Windows devices. Additional simplification for macOS, Android, and iOS is on the roadmap.
With automated investigation and remediation, we do the type of work handled by a dedicated Security Operations (SecOps) team by continuously detecting and automatically remediating most threats.
For Martin & Zerfoss, an independent insurance agency, security was top of mind. Partner Kite Technology Group recommended Defender for Business: “With Microsoft Defender for Business, we’re able to bring enterprise-grade security protection to our small and midsize business customers. We can now meet their current security requirements and prepare them for whatever comes tomorrow,” said Adam Atwell, Cloud Solutions Architect, Kite Technology Group.
He adds, “Automated investigation and remediation is a huge part of the product [because] it’s just happening in the background. Microsoft Defender for Business makes our security so simple.”
Benefits of Defender for Business for partners
SMBs often turn to partners for securing their IT environments, and rightly so. We recognize that securing SMB customers often means providing partners with tools to help them secure their customers efficiently.
Defender for Business and Microsoft 365 Business Premium give partners new opportunities to help secure customers at scale with value-add managed services. Both solutions integrate with Microsoft 365 Lighthouse, made generally available on March 1, 2022, so Microsoft Cloud Solution Provider (CSP) partners can view security incidents across tenants in a unified portal. WeSafe IT, a CSP partner from Sweden, was an early adopter of Defender for Business in Business Premium with Microsoft 365 Lighthouse. The company found that the integrated solution brought it comprehensive customer value and the ability to increase automation and earnings.
“We’ve found no other solution like Microsoft 365 Business Premium that manages such a complete span of functionality for small- to medium-sized businesses at anywhere near the cost or flexibility,” said Martin Liljenberg, Chief Technology Officer and co-founder, WeSafe. “From a partner perspective, it’s intuitive and effortless to apply to customer environments. MSPs that take advantage of Defender for Business can increase automation and earnings while providing their SMB customers better security and service.”
We’re also pleased to announce integrations of Remote Monitoring and Management (RMM) tools that managed service provider partners often use to secure their customers at scale. Datto RMM’s integration with Microsoft Defender for Business is now available for partners. ConnectWise RMM integration with Microsoft Intune and Microsoft 365 Business Premium is coming soon.
Microsoft Defender for Business and Microsoft 365 Business Premium are available from a variety of Microsoft Cloud Partners, including some of the most recognized names in the industry, such as ALSO, Crayon, Ingram Micro, Pax8, and TD Synnex.
For more details on the partner opportunity and benefits of Defender for Business and Microsoft 365 Business Premium, see our partner blog post.
See how Microsoft Defender for Business can help your business
If you work for a small or medium business, try Defender for Business for yourself to see how the solution can benefit your company or reach out to your partner for more information. You’ll also find more details in our TechCommunity blog. Partners can check out the Microsoft Partner blog and join our webinar on May 5, 2022.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
1National Small Business Week, U.S Small Business Administration.
2Small and Medium Enterprises (SMEs) Finance, The World Bank.
3April 2022: Microsoft Small and Medium Business quantitative survey research: Security in the new environment.
4May 2021, Alejandro Mayorkas, Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, in an interview.