
7/26/2019
11:50 AM
Dark Reading
Products and Releases

2019 SMB Cyberthreat Study: Most SMBs Severely Underestimate Their Cybersecurity Vulnerabilities

SMBs are the primary target for cyberattacks, yet most are unprepared.

CHICAGO, July 25, 2019 /PRNewswire/ -- U.S. businesses are ripe for the picking when it comes to cybercriminals and cybersecurity risks, but a new survey shows that cybersecurity efforts are not at the top of the list when it comes to where leaders are putting their focus and efforts.

The 2019 SMB Cyberthreat Study, which surveyed more than 500 senior-level decision makers at companies with 500 employees or less (SMBs), was commissioned by leading cybersecurity provider Keeper Security to identify the gaps between awareness and action in business cybersecurity needs. Among the findings, two out of three business leaders surveyed (66%) don't believe they'll fall victim to a cyberattack. But a previous study conducted by the Ponemon Institute for Keeper found that 67% of businesses had been attacked within the prior 12 months.

"Businesses face a vulnerability crisis when it comes to cybercriminals, and this reality won't get better until cybersecurity gets higher billing on their to-do list," said Darren Guccione, CEO and co-founder of Keeper. "Our Cyberthreat Study findings show that many companies don't know where to start with cybersecurity prevention and even more don't think they will fall victim to an attack, but it's time they dramatically change their perspectives and put a plan in place. We are working very hard to educate SMBs about how they can protect themselves quickly and on a cost-effective basis."

Misconception of Threat Vulnerability 
Of the senior decision makers surveyed, 66% think a cyberattack is not very or at all likely to happen to them, but previous Ponemon Institute research reported that nearly seven in ten (67%) businesses were attacked in the last year, pointing to a major perception gap. Keeper's 2019 Cyberthreat SMB Study found that only about one in ten (12%) understand the reality that an attack is very likely, no matter how big or small the company.

The 2019 Cyberthreat SMB Study also reveals differences in perception between newer and more mature businesses, with companies in business less than five years believing they're at a much higher risk than those operating for 10 or more years. Of companies in business less than five years, 28% believed it was "very likely" that they will be the target of a cyberattack, while only 6% operating for 10 or more years thought the same. In fact, 70% of businesses operating for 10 or more years believe a cyberattack is not very likely or not likely at all. 

Lack of organizational awareness of cybersecurity's importance
Of the leadership polled, only 9% thought cybersecurity was the most important aspect of their business when compared with recruitment, marketing, sales, quality of internal tools, and contributing to social good. In fact, nearly one in five respondents (18%) ranked cybersecurity as the least important aspect of all six. 

Furthermore, respondents ranked a recession, damage to public reputation and a disruption to the business model as the most prominent threats to their business. Cybersecurity was ranked last by over one in five surveyed (21%), despite the fact that such an attack would likely cause both a disruption in business model and damage to public reputation. 

Disconnect between password security and cyberattack prevention strategy
Most companies understand the critical role of passwords when it comes to security. The majority of respondents (69%) expressed positive sentiment about passwords, saying passwords make them feel "confident" or "secure." Furthermore, 75% of companies have policies in place that encourage or require employees to update their passwords regularly.

However, 60% of respondents reported not having any prevention plan in place against a cyberattack. Since 81% of breaches are caused by weak or stolen passwords, the difference in reported password policies and lack of prevention plans points to a disconnect in understanding that password security is itself a strategic prevention plan.

Furthermore, a quarter of business leaders surveyed (25%) admitted they don't even know where to start when it comes to cybersecurity. Cybersecurity starts with password security. 

About the 2019 SMB Cyberthreat Study
All figures, unless otherwise stated, are from YouGov Plc. Total sample size was 509 senior decision makers at companies with 500 employees or less. Fieldwork was undertaken between June 28 and July 5, 2019. The survey was carried out online. The figures have been weighted and are representative of all senior decision makers at companies with 500 employees or less.

About Keeper Security, Inc.
Keeper Security, Inc. ("Keeper") is transforming the way organizations and individuals protect their passwords and sensitive digital assets to significantly reduce cybertheft and data breaches. Keeper is the leading provider of zero-knowledge security and encryption software covering password management, dark web monitoring, digital file storage and messaging. Named PC Magazine's Best Password Manager of 2018 and awarded the Publisher's Choice Cybersecurity Password Management InfoSec Award for 2019, Keeper is trusted by millions of people and thousands of businesses to protect their digital assets and help mitigate the risk of a data breach. Keeper is SOC-2 and ISO 27001 Certified and is also listed for use by the Federal government through the System for Award Management (SAM). Keeper protects businesses of all sizes across every major industry sector. Learn more at https://keepersecurity.com.

 
