Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security

8/2/2018
09:35 AM
Scott Ferguson
Scott Ferguson
News Analysis-Security Now
50%
50%

Small Businesses Look to Cloud, SD-WAN for Security, Survey Finds

Increasingly, small and midsized businesses are turning toward the cloud and new technologies, such as SD-WAN, to provide an extra layer of security, according to a new industry report.

With ransomware and phishing attacks on the increase, small and midsized businesses are increasingly turning to the cloud, as well as new technologies like SD-WAN, to help build up their security defenses, according to a newly released industry survey.

One reason that small and midsized businesses (SMBs) are turning toward these technologies is pure economics. About half of these enterprises had $5,000 or less annually to spend on IT security, and of that number, only half had $1,000 earmarked for security.

In addition to budget constraints, SMBs have limited time to understand and research the latest threats and also lack the manpower to respond, according to the Aug. 2 study released by Untangle, a San Jose-based company focused on network security.

The survey found that fewer than 30% of SMBs have a dedicated security professional on staff, which makes issues around training staff and creating security and compliance policies difficult.

(Source: Pixabay)
(Source: Pixabay)

"One big gap is in user awareness and training," Dirk Morris, the chief product officer of Untangle, wrote in an email to Security Now. He added that small businesses face the same security attacks as their larger counterparts, but SMBs have fewer resources to deal with an increasing number of threats.

"A surprising number of attacks still rely on help from unsuspecting users," Morris added. "Phishing, spoof websites and malicious downloads necessitate constant vigilance and user education, even with solutions like endpoint antivirus and firewalls in place."

The survey is based on the results of interviews with 350 SMBs, and the company plans to release the full report at this year's Black Hat conference in Las Vegas, which takes place later this month.

While security remains a concern, SMBs are starting to address the issue by moving some of their data to the public cloud, where service providers can at least provide security for the infrastructure, although data remains the responsibility of the customer. However, adoption remains slow since only 25% of those surveyed are using cloud infrastructure services.

At the same time, more small businesses -- more than 30%, according to the survey, are investing in SD-WAN technologies.

SD-WAN -- shorthand for software-defined wide-area networking -- uses software-defined networking to establish connections between distant locations, such as enterprise facilities and cloud providers. It also provides a more flexible, less expensive alternative to traditional wide-area networking (WAN) connectivity, which depends on dedicated hardware.

While still a newer technology, SD-WAN is growing, with some estimates placing the market at $3.3 billion by 2021. (See Unknown Document 738371.)


Zero in on the most attractive 5G NR deployment strategies, and take a look ahead to later technology developments and service innovations. Join us for the Deployment Strategies for 5G NR breakfast workshop in LA at MWCA on September 12. Register now to learn from and network with industry experts – communications service providers get in free!

In his email, Morris noted the many SMBs have a headquarters and several branch offices, especially in markets such as retail. If security is centralized at HQ, then SD-WAN and the flexibility it brings starts making more sense. It also helps as businesses turn toward cloud-based services such as SaaS.

"For example, a company with a headquarters, retail outlet and branch office may not be resourced the same way across these locations," Morris wrote. "IT staff and security solutions may only be deployed at the headquarters. SD-WAN offers multi-site organizations the ability to centralize their security by sending traffic to a single location for processing, whether that is a physical location (like the headquarters) or a cloud deployment."

While the report noted that SMBs are evaluating and installing new technologies, traditional security services such as firewalls, network detection tools, anti-virus and anti-malware are still the most frequently purchased.

Related posts:

— Scott Ferguson is the managing editor of Light Reading and the editor of Security Now. Follow him on Twitter @sferguson_LR.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-33988
PUBLISHED: 2021-10-19
Cross Site Scripting (XSS). vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form.
CVE-2020-12141
PUBLISHED: 2021-10-19
An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier allows an attacker to cause a denial of service and potentially disclose information via crafted SNMP packets to snmp_ber_decode_string_len_buffer in os/net/app-layer/snmp/snmp-ber.c.
CVE-2021-29912
PUBLISHED: 2021-10-19
IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828.
CVE-2021-38911
PUBLISHED: 2021-10-19
IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by a an authenticatedl privileged user. IBM X-Force ID: 209940.
CVE-2021-3746
PUBLISHED: 2021-10-19
A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability ...