SMBs embrace new tech but fail to invest in security - study
Check Point Software Technologies, a provider of cybersecurity solutions globally, has released the results from a new survey of the SMB cybersecurity market, conducted by research firm Analysys Mason.
It sought to uncover how SMBs are emerging from the pandemic, and how their business and technology needs are changing.
The survey revealed that, while SMBs understand the need to invest in technology to support growth in the world of hybrid working, many fail to prioritise security.
The survey reflects that a majority of organisations including SMBs have embraced cloud, mobile, and SaaS technologies in recent years. Compared with pre-pandemic levels, there has been an increase in IT spending to drive business growth.
SMBs have accepted that the hybrid work model is here to stay and therefore have increased their investment in communication technologies and services to support remote workers. With remote workers using home and office access points, the attack surface has expanded thereby increasing the risk of cyber attacks.
With the increase in supply chain attacks across the industry, cyber criminals are increasingly using more vulnerable SMBs as an entry point into larger enterprises. This approach wreaks havoc on both the SMBs, and all the enterprises they interact with.
Given the global cybersecurity skills shortage, SMBs are struggling to properly secure their critical assets, making them a growing target for cyber criminals. Larger enterprises usually have bigger IT budgets and security resources, so they can recover more easily from a cyber attack. For SMBs, a cyber attack can be fatal to their business.
The survey found that two of the biggest impacts that cyber attacks have on SMBs include lost revenue (28%), and the loss of customer trust (16%).
The survey of 1,150 small and medium-sized businesses also revealed:
SMBs struggle with a lack of expertise and require additional support: Less than a quarter (22%) of respondents felt they were extremely well protected against cyber attacks, and only a minority have internal security specialists or are working with a third party.
This means that a large number of SMBs either have no security products in place or these products are managed by non-specialist staff. While there is a significant rise in the number of SMBs working with Managed Service Providers (MSPs) to help address IT issues, around a third of respondents noted they would like additional help from their MSP in upgrading security.
Cybersecurity as an investment: The SMBs surveyed clearly recognised the disastrous effects of a cyber attack on their company but seemed to agree that they had inadequate security budgets. Security vendor solutions priced beyond their budgets was identified as a key challenge to having effective cybersecurity capabilities. Something has to change, to enable SMBs to take a longer-term view of the value of cybersecurity so that they can invest today to protect their growth tomorrow.
SMBs are adapting to the 'new normal' but mobile security is lacking: SMBs are expecting 40% of their employees to continue working remotely for at least some of the time. The highest priority in all countries was to ensure that IT can be managed and supported remotely, validated by additional laptop purchases and increased VPN capacity. However, the survey also shows that the take up rate of even basic security products is low. The most adopted service, endpoint protection, is only used by 67% of respondents and less than half have any form of mobile security.
Eyal Manor, Vice President of Product Management at Check Point Software says, "It is reassuring that SMBs have increased their investment in cybersecurity to support business growth and the new hybrid work model, but having the correct mix of security products is only part of an effective strategy. Because there is a shortage of cyber security workers for SMBs, they require security solutions that deliver proven threat prevention, are extremely simple to deploy and manage, and offer the flexibility of an 'all-in-one' solution that combines security and internet connectivity."
He continued, "SMBs should also be looking for a consolidated and unified security suite that achieves a high level of protection across their network, endpoints, mobile and email. SMB security providers should use a prevention-first approach and one that cuts down TCO, by reducing the need to manage additional staff or security expertise. SMBs should also consider leveraging third party managed service providers to gain access to experienced cybersecurity professionals at an affordable cost. Third party advisors can provide expert advice on the best security solution for each SMB along with training and ongoing support."