9 SMB Security Trends
SMBs understand they have to focus more on cybersecurity. Here's a look at the areas they say matter most.
Two recent surveys offer insight into why small to medium-sized businesses (SMBs) are taking security more seriously.
In one study, by Webroot, 600 IT decision makers pinpoint their top concerns (think: phishing and ransomware), as well as areas where they are becoming more relaxed, due largely to increased security awareness and training, as well as much-improved access control management.
"The press has made people aware of the threat landscape," says Charlie Tomeo, vice president of worldwide business sales at Webroot. "The bad actors keep coming out with new forms of malware, and everyone is getting hammered. There's a heightened awareness, and SMBs really know they have to do something."
The other study, by Kaspersky, examines IT budgets and high-level staffing considerations, given that "most SMBs can't afford a full-time CISO," says Jason Stein, vice president of channel at Kaspersky Lab North America.
We talked with both Tomeo and Stein to develop this list of SMB security trends. For more information, check out the Webroot report "Webroot SMB Cybersecurity Preparedness" and the Kaspersky study "On the Money: Growing IT Security Budgets to Protect Digital Transformation Initiatives." The Webroot study only involves SMBs, while the Kaspersky study covers both SMB and enterprise markets.
Five years after the Edward Snowden story broke, the vast majority of SMBs are no longer susceptible to insider threats: According to Webroot, only 25% of companies globally say they are still an issue. Webroot's Tomeo credits the aggressive education programs that have been underway for the past several years. Companies are much more careful about how they give out access rights, he says, and employees are more aware of the potential for threats from within.
On an anecdotal level, it could also be that given an SMB's small staff, where everyone knows each other's business, there's less of a chance that one rogue employee would slip through compared with a big consulting company or a defense contractor with thousands of employees.
Security pros across the three countries surveyed in the Webroot report say they are all concerned about new forms of malware infections. In the United States, it's 37%, in Australia it's 34%, and in the United Kingdom it's 32%. Webroot's Tomeo says it's significant that the numbers are consistent across the survey sampling. The bad actors, he says, keep coming up with new forms of malware, which keeps the security companies scrambling to keep pace. It's certainly not like it was five or 10 years ago. In the past, security pros could just add a new signature to a known piece of malware. Today, much of the new malware changes the signature every time, which is why the current threat environment has become so challenging.
SMB security budgets have grown from $201,000 in 2017 to $246,000 in 2018, according to Kaspersky. The Kaspersky study finds that very small businesses (VSBs) realized the greatest increase, with average security budgets up from $2,400 to $3,900 over the past 12 months. This shows that even the smallest of businesses are now taking IT security seriously.
Kaspersky's Stein says small companies can't always afford $150,000 to $200,000 for a qualified CISO, but more are taking advantage of the "CISO for hire" concept that's become popular in the industry. Companies may bring in a CISO for training sessions or even for a short time to evaluate their overall preparedness, and then have the CISO come back periodically to keep tabs on their progress.
According to Kaspersky, when it comes to all cybersecurity incidents, attacks affecting IT infrastructure hosted by a third party are one of the most expensive threats for SMBs. It costs $118,000 for an SMB to recover from such an attack, Kaspersky says, followed closely by $98,000 for incidents involving noncomputing, IoT-connected devices. Kaspersky's Stein says while the large public cloud providers, such as Amazon Web Services and Microsoft Azure, have well-staffed security teams, many of the point solution cloud providers don't make security as much of a priority. SMB owners should be very judicious when they sign on to a new service, he says.