No company, big or small, is immune to a cyber-attack or data breach. New research suggests why SMBs need to up the ante when it comes to security protection.
55% of respondents said their companies have experienced a cyber-attack, and 50% had data breaches involving customer and employee information in the past 12 months.
The top threats to SMBs are Web-based attacks, cited by 49% of respondents, and phishing/social engineering (43%).
The most common causes for cyber-attacks include negligent employees or contractors (48%) and third-party mistakes (41%). Almost one-third of respondents said they could not determine what caused the incident.
66% of respondents said customer records are their biggest concern, followed by worries about intellectual property protection (49%).
Companies spent an average of $879,582 due to the damage or theft of IT assets. Disruption to normal operations cost an average of $955,429.
Only 14% of companies rate their ability to mitigate cyber-risks, vulnerabilities and attacks as highly effective, and 33% said the technologies currently used can detect and block most cyber-attacks.
60% of respondents rely on strong passwords and/or biometrics to reduce the risks of attack. However, 59% do not have visibility into employees’ password practices and 65% said that if they have a password policy, they don’t strictly enforce it.
Anti-malware (90%) and client firewalls (86%) are considered the most important security technologies, followed by password protection and management (71%), and VPN and other secure Web gateways (61%).
The biggest roadblocks to a stronger cyber-security posture include a lack of personnel to mitigate cyber-risks (67%), insufficient budget (54%) and insufficient security technologies (44%).
As a result of the roadblocks, some companies engage managed security service providers to support an average of 34% of their IT security operations.
Top services MSSPs provide include monitoring or managing firewalls or intrusion prevention systems (74%), managing or monitoring security gateways for messaging or Web traffic (50%), and monitoring or managing intrusion detection systems (47%).
52% of respondents believe cyber-attacks are becoming more targeted, and 51% said cyber-attacks are becoming more sophisticated and more severe in terms of negative consequences.