Acronis and CyberCert tap MSPs in SMB certification blitz

Acronis and CyberCert are tapping into the security vendor’s partner ecosystem to push hard for small- to medium-sized businesses (SMB) to pick up SMB1001 certifications.

The two companies have joined forces to provide Acronis managed service provider (MSP) partners with sponsored SMB1001 CyberCert Gold credits for customers, which means the vendor sponsors the cost of the credit on behalf of the customer.

The certification is available across five tiers of Bronze, Silver, Gold, Platinum and Diamond for SMBs, providing a set of cyber security standards to adhere to. The Gold certification, also known as SMB1001 Level 3, is aimed at compliance-heavy industries, like finance, healthcare, and retail.

While it can be used in conjunction with, or as a pathway to, the federal government’s Australian Signals Directorate’s Essential Eight guidelines or ISO 27001, SMB1001 is not intended to be a replacement.

Speaking to ARN, CyberCert co-founder and CEO Ryan Ettridge said it decided to partner with Acronis due to the vendor’s software aligning towards the level of checks required by the certification.

“For every MSP and SMB that get to certification, you have to use some technology to do that. Acronis is that technology,” he said. “It does a lot of the requirements that are already in SMB1001 and that was coincidental before we moved more strategically to create and evolve that product set together.

“It helps MSPs help the SMBs get certified much, much easier in a consolidated platform. So, it makes hand in glove sense.”

Meanwhile, Acronis senior vice president for Asia Pacific and Japan (APJ) and the Middle East Pasha Ershow said, in his view, SMB1001 is a good example of a good framework to help SMBs to stay protected and safe, particularly with regulatory requirements constantly changing around the world.

“In order to address that, we need not only the platform that we have, but also our partners who understand the framework and how it should work for an MSP and SMB. We are lucky to find such partnership with CyberCert,” he said.

The end goal for Ershow is monumental – for every customer of Acronis’ Australia and New Zealand (A/NZ) partner base to be certified according to the government requirements of their respective governments.

“The frameworks and requirements will evolve, so it’s a running game. Together with CyberCert, we should go down this path and eventually make sure that every business in Australia and New Zealand feels that they are fully protected and endorsed,” he added.

Ettridge’s aim meanwhile is, by 2027, to have 100,000 small businesses certified, which he feels is a realistic goal.

“We’ve just made 50,000 bronze certification subscriptions available for $0 and Acronis has made the gold subscriptions available for $0 as long as you work with one of the MSPs that are using the Acronis stack,” he said.

“All of that together means we’ve removed the friction, we’ve removed the boundaries, we’ve removed the cost for small businesses to get certified. It really is just a matter of them taking the action.

“There is no limit to the scale – the Acronis and CyberCert platforms can scale. The certification crosses boundaries. You get it in Australia, it works in New Zealand. You only need to get it once.”

Fundamentals missing when it comes to SMB cyber security

Acronis and CyberCert’s partnership on SMB-based security comes as the general A/NZ cyber security landscape faces the fact that “the fundamentals are still missing”, according to Ettridge.

“People are walking through the front door,” he said. “The attacker goes to a digital house — as a metaphor — and goes to the front door, sees that the key to the front door is sticky taped to the wall, grabs the key and then opens it anyway and doesn’t even need to use the key.

“The fundamentals are still missing. Of the small businesses and businesses in general that are getting breached, it’s because the most common controls that existed for 10-15 years are still not being done.”

An element of this is that SMBs are faced with technical information that they can’t understand, he continued.

“It’s like giving the small business the technical manual to their washing machine and then telling them to fix it themselves; this is the way standards have been designed for the small business today,” Ettridge said.

“So, it’s not their fault that they don’t know what to do. They’re not the experts. You go to accountants for expertise. You go to lawyers for expertise. You go to, ideally, your cyber security and technology MSP for expertise.

“There’s still a massive way to go for SMBs, but it’s not that hard for them to close the gap and with the technologies that are available to them, they actually just have to do it.”

Ershow also said that these SMBs have an additional disadvantage in that by their very nature of being small- or medium-sized, they simply don’t have the resources that larger enterprises do to prop up their security standings.

Even if they did, the ongoing shortage in IT and cyber security skills creates further SMB difficulty, with any attempts to fill these gaps requiring time and money these businesses can’t afford to give up.

“That’s a big gap for SMBs, and the MSP channel is the right way to address those challenges, because MSPs are using technologies like the Acronis platform and being trained and properly knowledgeable on cyber security aspects,” Ershow added. “They can serve millions of SMBs without these SMBs necessarily becoming experts in cyber security.”