Many small and medium-sized businesses around the world have emerged from the worst of the pandemic. They are finding their way forward in the “new normal.” While a lot has changed in the last couple of years, strong IT security is still very important. It is even more vital now as SMBs rely more on remote workers and cloud-based solutions.
Hackers are using advanced methods to break into networks and steal data. They can do this easily and remain undetected for a long time. Businesses need to protect themselves from hackers, as well as users who cause a data breach due to carelessness or not knowing better.
The attack surface is now larger than ever, and the volume and variety of threats are unprecedented. Therefore, SMBs need to be proactive instead of reactive when it comes to IT security.
Why is investing in cybersecurity important for SMBs?
If you don’t have proper protection, your business can be attacked by cyber criminals. This can leave your customers’ data vulnerable to theft. If this happens, your customers may not trust you anymore. As per a research, 74% of customers will move to a competitor if there is a security breach. Therefore, small businesses need to make cyber security a top priority. This means investing in technology, resources, finances and legal knowledge that will help protect your business from cyber criminals. It’s also important to assess and update your cyber security measures on a regular basis.
Devolutions surveyed executives and decision-makers in SMBs to help them understand the post-pandemic IT security landscape. Here are some key takeaways from the survey- highlighting the importance of cybersecurity in SMBs.
Cybersecurity threats in SMBs
- 67% of SMBs are more concerned about IT security in 2022-23. The top three cybersecurity concerns of SMBs at this time are ransomware (81%), phishing (69%), and malware (38%).
- 60% of SMBs experienced at least one cyberattack in 2021, and 18% of these experienced six or more. The average cost of a data breach for SMBs can range from USD 120,000 to USD 1.24 million per incident.
- 13% of SMBs do not implement fundamental, basic IT security measures.
Recommendation: Because data breaches can have very serious and even catastrophic consequences, all small and medium businesses should take certain basic steps to protect their data. These include separating duties, giving people only the required privileges, auditing account privileges regularly, using the four-eye principle, and having multiple layers of security.
Privileged Access Management in SMBs
- Only 12% of SMBs have a fully deployed privileged access management (PAM) solution in place.
- 28% of SMBs say they do not have the budget, and 12% think that PAM is too complex to implement and manage.
- Some SMBs are reluctant to fully deploy a PAM solution because they fear that doing so will reduce efficiency and productivity.
Recommendations: The three most important features that SMBs want in a PAM solution are: automatically expiring privileged access, built-in MFA, and password rotation reset. All these features are rooted in automation, which is crucial for SMBs that need to boost efficiency and productivity affordably. Affordable and easy-to-use PAM solutions are available for SMBs that need comprehensive privileged account governance as large organizations and enterprises.
IT Security Awareness in SMBs
- 88% of SMBs are providing some form of IT security education to their end users, but 35% of them do not measure the impact of IT security training.
- 44% of SMBs do not have a comprehensive and updated cybersecurity incident response plan in place.
Recommendation: To ensure that all the required stakeholders are aware of and understand the cybersecurity objectives and requirements, SMBs should create a comprehensive plan. This plan should include communicating with users about cybersecurity awareness training, which should focus on the most important issues, risks, and threats. If an SMB lacks in-house IT security and cloud security expertise, it should partner with a Managed Service Provider to close the skills gap.
Remote Access Management in SMBs
- 75% of SMBs are allowing some or all employees to work hybrid, whereas 6% have a completely remote workforce.
- VPNs are the most popular tool that SMBs use to manage remote access. VPNs can help reduce risks, but they also have some drawbacks. These include deployment, management, and security challenges.
- The majority of SMBs are using multi-factor authentication (MFA) as an extra layer of security.
Recommendations: Remote work has many benefits for both employees and employers. However, it also comes with some risks that need to be considered. For small and medium businesses, it is important to make sure that any remote access tools are secure and compliant. This includes making sure that the tool improves security, efficiency, and governance while being affordable. If these aspects are not considered, businesses could face unexpected problems.
IT Security Management in SMBs
- As compared to 32% last year, this year, IT security spending as a portion of the overall IT budget of 68% of SMBs falls within the recommended 6-15% range.
- 32% of SMBs are spending below the recommended range on IT security.
- 46% of SMBs are planning to increase their IT security spending in the next 12 months, while 48% will spend about the same on IT security over the next year.
Recommendations: Many small businesses have not completely recovered from the risks and pressures of cyberattacks. So, it is understandable that some businesses may reduce their spending on IT security technologies, tools, and training. However, businesses need to realize that a single cyberattack could do more financial damage than not having these security measures in place. While there are many ways for businesses to save money, cutting IT security spending is not a wise decision.
Most SMBs think they are not likely to come under a cyberattack. However, they have become an attractive target for cybercriminals. Though both large enterprises and SMBs are equally under cyber threat, the former have better systems to handle such challenges, unlike SMBs. SMBs pose as easy targets to cybercriminals due to:
- Absence of a dedicated IT team for cyber security.
- Inadequate cyber security training to the employees.
SMBs must invest in wholesome cyber protection solutions to keep the cyber threats away.
Read next: By 2026, revenue leakage from fraud and platform inefficiencies to cost CPaaS $1.4 billion