Cybercriminals are increasingly targeting small and medium-sized businesses (SMBs), according to a survey conducted by independent research firm Ponemon Institute and password management and digital vault specialist Keeper Security.
"The 2017 State of SMB Cybersecurity" survey of 600 individuals at companies with a headcount of 100 to 1,000 employees highlighted 10 SMB cybersecurity trends:
- Cyberattacks are becoming more prevalent. The number of cyberattacks against SMBs rose from 55 percent in 2016 to 61 percent in 2017.
- Ransomware attacks are on the rise. Two percent of SMBs said they experienced ransomware attacks in 2016. Comparatively, 52 percent stated they suffered a ransomware attack in 2017.
- Data breaches are growing in size and severity. Fifty-four percent of SMBs indicated they had a data breach involving sensitive information about customers, target customers or employees this year, up from 50 percent last year. Also, the average size of a data breach involved 9,350 individual records this year, an increase from an average of 5,079 records in 2016.
- Employees are putting sensitive data at risk. Fifty-four percent of SMBs noted negligent employees were the root cause of a data breach, an increase from 48 percent last year.
- SMBs are concerned about the Internet of Things (IoT). Twenty-three percent of SMBs reported their organization had a data breach or security incident due to the use of Internet of Things (IoT) devices, and 67 percent said their organization is very concerned or concerned about the security of IoT devices in the workplace.
- Exploits and malware are problematic. Sixty-six percent of SMBs were involved in situations where exploits and malware evaded their intrusion detection system in 2017, up from 57 percent last year.
- SMBs lack visibility into employees' password practices. Fifty-nine percent of SMBs do not have visibility into employees' password practices, including the use of unique or strong passwords.
- Most SMBs do not enforce password policies. Sixty-eight percent of SMBs said they do not strictly enforce password policies or are unsure about how to enforce these policies.
- SMBs are starting to engage MSSPs for support. On average, 21 percent of an SMB's IT security operations are supported by MSSPs.
- Cyberattacks are becoming more expensive. The average cost due to damage or theft of IT assets and infrastructure rose from nearly $880,000 last year to more than $1.02 million this year.
Many SMBs remain susceptible to cyber threats, which is reflected in a survey conducted by cybersecurity and threat intelligence solutions provider Webroot.
The Webroot "Cyber Threats to Small- and Medium-Sized Businesses in 2017" survey of 600 IT decision-makers at companies with 100 to 499 employees revealed 71 percent of respondents said they are not ready to address external cybersecurity threats. In addition, 94 percent stated they plan to increase their annual IT security budget this year.
To help SMBs minimize cybersecurity risks, Webroot offered the following recommendations:
- Develop a plan to respond to security breaches; this plan should include an MSSP or other outside resources that can provide immediate assistance.
- Teach workers about phishing scams and other types of cyberattacks.
- Invest in mobile security tools that can help employees protect their mobile devices against malicious applications.
- Review cybersecurity risks and budget accordingly.
- Update all business devices with the latest software and security patches.
- Create backup and business continuity plans to prepare for rapidly evolving ransomware.
Furthermore, SMBs that collaborate with MSSPs can use cybersecurity solutions to combat threats across multiple vectors and bolster their security posture, Webroot Vice President of Worldwide Business Sales Charlie Tomeo said in a prepared statement.