Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News

7/26/2019
11:50 AM
Dark Reading
Dark Reading
Products and Releases
100%
0%

2019 SMB Cyberthreat Study: Most SMBs Severely Underestimate Their Cybersecurity Vulnerabilities

SMBs are the primary target for cyberattacks, yet most are unprepared.

CHICAGO, July 25, 2019 /PRNewswire/ -- U.S. businesses are ripe for the picking when it comes to cybercriminals and cybersecurity risks, but a new survey shows that cybersecurity efforts are not at the top of the list when it comes to where leaders are putting their focus and efforts.

The 2019 SMB Cyberthreat Study, which surveyed more than 500 senior level decision makers at companies with 500 employees or less (SMBs), was commissioned by leading cybersecurity provider Keeper Security to identify the gaps between awareness and action in business cybersecurity needs. Among the findings, two out of three business leaders surveyed (66%) don't believe they'll fall victim to a cyberattack. But a previous study conducted by the Ponemon Institute for Keeper found that 67% of business had been attacked within the prior 12 months. 

"Businesses face a vulnerability crisis when it comes to cybercriminals, and this reality won't get better until cybersecurity gets higher billing on their to-do list," said Darren Guccione, CEO and co-founder of Keeper. "Our Cyberthreat Study findings show that many companies don't know where to start with cybersecurity prevention and even more don't think they will fall victim to an attack, but it's time they dramatically change their perspectives and put a plan in place. We are working very hard to educate SMBs about how they can protect themselves quickly and on a cost-effective basis."

Misconception of Threat Vulnerability 
Of the senior decision makers surveyed, 66% think a cyberattack is not very or at all likely to happen to them, but previous Ponemon Institute research reported that nearly seven in ten (67%) businesses were attacked in the last year, pointing to a major perception gap. Keeper's 2019 Cyberthreat SMB Study found that only about one in ten (12%) understand the reality that an attack is very likely, no matter how big or small the company.

The 2019 Cyberthreat SMB Study also reveals differences in perception between newer and more mature businesses, with companies in business less than five years believing they're at a much higher risk than those operating for 10 or more years. Of companies in business less than five years, 28% believed it was "very likely" that they will be the target of a cyberattack, while only 6% operating for 10 or more years thought the same. In fact, 70% of businesses operating for 10 or more years believe a cyberattack is not very likely or not likely at all. 

Lack of organizational awareness into cybersecurity's importance 
Of the leadership polled, only 9% thought cybersecurity was the most important aspect of their business when compared with recruitment, marketing, sales, quality of internal tools, and contributing to social good. In fact, nearly one in five respondents (18%) ranked cybersecurity as the least important aspect of all six. 

Furthermore, respondents ranked a recession, damage to public reputation and a disruption to the business model as the most prominent threats to their business. Cybersecurity was ranked last by over one in five surveyed (21%), despite the fact that such an attack would likely cause both a disruption in business model and damage to public reputation. 

Disconnect between password security and cyberattack prevention strategy
Most companies understand the critical role of passwords when it comes to security. The majority of respondents (69%) expressed positive sentiment about passwords, saying passwords make them feel "confident" or "secure." Furthermore, 75% of companies have policies in place that encourage or require employees to update their passwords regularly.

However, 60% of respondents reported not having any prevention plan in place against a cyberattack. Since 81% of breaches are caused by weak or stolen passwords, the difference in reported password policies and lack of prevention plans points to a disconnect in understanding that password security is itself a strategic prevention plan.

Furthermore, a quarter of business leaders surveyed (25%) admitted they don't even know where to start when it comes to cybersecurity. Cybersecurity starts with password security. 

About the 2019 SMB Cyberthreat Study
All figures, unless otherwise stated, are from YouGov Plc. Total sample size was 509 senior decision makers at companies with 500 employees or less. Fieldwork was undertaken between June 28 and July 5, 2019. The survey was carried out online. The figures have been weighted and are representative of all SDM at companies with 500 employees or less. 

About Keeper Security, Inc.
Keeper Security, Inc. ("Keeper") is transforming the way organizations and individuals protect their passwords and sensitive digital assets to significantly reduce cybertheft and data breaches. Keeper is the leading provider of zero-knowledge security and encryption software covering password management, dark web monitoring, digital file storage and messaging. Named PC Magazine's Best Password Manager of 2018 and awarded the Publisher's Choice Cybersecurity Password Management InfoSec Award for 2019, Keeper is trusted by millions of people and thousands of businesses to protect their digital assets and help mitigate the risk of a data breach. Keeper is SOC-2 and ISO 27001 Certified and is also listed for use by the Federal government through the System for Award Management (SAM). Keeper protects businesses of all sizes across every major industry sector. Learn more at https://keepersecurity.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19642
PUBLISHED: 2019-12-08
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareNa...
CVE-2019-19637
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.
CVE-2019-19638
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.
CVE-2019-19635
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c.
CVE-2019-19636
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c.