More SMBs let their guard down on cybersecurity

As attacks multiply, businesses lose confidence in their ability to stop them and have fewer precautions in place

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Despite ris­ing cyber expo­sures and inten­si­fy­ing attacks, small and mid­size busi­ness­es actu­al­ly may be regress­ing when it comes to defend­ing their networks.

That star­tling find­ing comes from a Cis­co sur­vey of orga­ni­za­tions with 250 to 499 employees.

SMBs did less to ana­lyze breach­es and used few­er threat defense tools in 2015 than they did in 2014, accord­ing to the Cis­co 2016 Annu­al Secu­ri­ty Report.

Free resource: Putting effec­tive data risk man­age­ment with­in reach

Some 48 per­cent of SMBs said they used Web secu­ri­ty in 2015, down from 59 per­cent in 2014. And only 29 per­cent said they used patch­ing and con­fig­u­ra­tion tools in 2015, down from 39 per­cent in 2014.

SMBs may sim­ply be frus­trat­ed, Kevin Par­ra, mar­ket­ing man­ag­er at Cis­co Secu­ri­ty Busi­ness Group, tells ThirdCertainty.

Feel­ing overwhelmed

With the increas­ing sophis­ti­ca­tion and vol­ume of the attacks, there is this feel­ing that ‘we can’t keep up. Some­thing bad is hap­pen­ing, and we are get­ting out­gunned,’ ” Par­ra says. I’m “not sure why some­one would dial it down, though. That, to me, doesn’t sound like a log­i­cal step. (But) the data shows that they did dial back.”

Cisco’s sur­vey found SMBs are less like­ly than large orga­ni­za­tions to main­tain a cyber inci­dent response team or a threat intel­li­gence team. Thus SMBs tend to use few­er process­es to ana­lyze com­pro­mis­es. Some 67 per­cent of busi­ness­es with few­er than 500 employ­ees have inci­dence response and threat intel teams, while 72 per­cent of large enter­pris­es, orga­ni­za­tions with more than 1,000 employ­ees, have both teams.

It can’t hap­pen to us

Anoth­er pat­tern that’s good news to attack­ers: A con­sid­er­able num­ber of SMB do not have an exec­u­tive respon­si­ble for secu­ri­ty, and many do not con­sid­er their com­pa­ny to be a high-val­ue target.

This belief hints at over­con­fi­dence in their business’s abil­i­ty to thwart today’s sophis­ti­cat­ed online attacks—or, more like­ly, that attacks will nev­er hap­pen to their busi­ness,” Cisco’s report says.

That per­cep­tion belies wide­spread evi­dence that cyber attacks against com­pa­nies of all sizes con­tin­ue to steadi­ly increase in both sophis­ti­ca­tion and inten­si­ty. “No busi­ness can afford to leave its net­works unpro­tect­ed, or to put off using process­es that might offer insights on how a com­pro­mise occurred so it can be avoid­ed in the future,” the report says.

SMB deci­sion-mak­ers also should con­sid­er how “their own vul­ner­a­bil­i­ty trans­lates to risks for larg­er enter­prise cus­tomers and their net­works,” the report says. “Today’s crim­i­nals often gain entry into one net­work as a means to find an entry point into anoth­er, more lucra­tive network—and the SMB may be the start­ing point for such an attack.

Relat­ed stories:
More SMBs get proac­tive, learn to build strong data defense
Man­aged secu­ri­ty ser­vices help SMBs take aim at secu­ri­ty threats

Small busi­ness­es need mighty shields to com­bat big threats

Posted in Cybersecurity, Featured Story