A new report, “Are Organisations Completely Ready to Stop Cyberattacks?,” (PDF) reveals small to medium sized businesses (SMBs) lack the resources they need to protect themselves against malware attacks. Commissioned by Webroot and in partnership with Wakefield Research, the study indicates just 37 per cent of IT decision makers surveyed in the US, the UK, and Australia believe their organisations are completely ready to manage IT security and protect against threats.
According to the survey, IT employees at nearly 1 in 3 companies (32 per cent) juggle security along with their other IT responsibilities. This leaves employees stretched thin and unable to devote the necessary time to many critical cybersecurity tasks. Instead of taking a more proactive approach, these companies are often left on the defensive.
The vast majority of SMBs do not have security budgets remotely comparable to those of large (and previously breached) enterprises, such as J.P. Morgan, Target, and Anthem. In fact, according to the study, nearly 60 per cent of respondents think their business is more prone to cyberattacks because they have too few resources for maintaining their defences.
Almost half (48 per cent) think their company is vulnerable to insider threats, such as employees. Following that, 45 per cent believe they are unprepared for unsecured internal and external networks, such as public WiFi, and 40 per cent for unsecured endpoints, such as computers and mobile devices. All of the conduits cited should be cause for concern; within the past few years, hackers have exploited them to execute a number of high profile breaches.
The survey respondents’ lack of confidence may be due to a reliance on outdated, traditional antivirus tools, many of which depend on large threat signatures downloads and system-intensive scans. Statistically, the US, UK, and Australia only differed by a few percentage points overall, when it came to the pain points being examined. Still, there were a few notable differences:
Overall, 81 per cent of respondents plan to increase their annual IT security budget for 2016, by an average of 22 per cent. Respondents are also very open to other strategies for improvement, with an overwhelming 81 per cent also in agreement that outsourcing IT solutions (including cybersecurity endeavours) would increase their bandwidth to address other areas of their business.
Achieving a stronger security posture through outsourced cybersecurity should first involve due diligence in identifying a managed service provider (MSP) that delivers solutions that meet the necessary criteria, the report suggests. The most promising MSPs are those who offer platforms that leverage cloud-based security architecture, thereby allowing SMBs to implement protection without investing in new infrastructure or being burdened by upfront deployment and management costs.