Dive Brief:
- Though cyberthreats are as prominent for small- to medium-sized businesses as large enterprises, less than one-third of SMBs feel their protection measures are highly effective, according to a Ponemon Institute survey of nearly 29,000 IT practitioners and IT security practitioners in the U.S. and United Kingdom.
- The most common types of cyberattacks for SMBs were phishing or social engineering, followed by web-based, general malware and compromised or stolen devices, according to the report. Advanced malware and zero-day attacks increased their frequency the most from 2017 to 2018.
- Thirty-five percent of respondents said no one person determines IT security priorities, while 31% said their CIO is in charge of setting a security plan in 2018. Nearly one-third of SMBs are turning to a managed security service provider to manage their firewalls or intrusion prevention system.
Dive Insight:
The survey highlighted the same concerns the cybersecurity industry has had for years. A sufficient security posture is hindered by a lack of personnel, small budgets and general confusion over how to protect against cyberattacks.
Cybersecurity can easily become a game of cat and mouse until one day, the cat outsmarts the mouse. As hackers and malicious actors are maturing, companies know that day is inevitable.
The "cyber Pearl Harbor is effectively every Tuesday," said Alex Stamos, adjunct professor at Stanford University and former Facebook CSO, while speaking at the Tanium conference in Washington in November.
When companies as large as Equifax and Yahoo can suffer security snafus, presumably with endless security resources, SMBs need to take more precaution. Hackers generally look to compromise smaller businesses in a enterprise's partner ecosystem to eventually infiltrate the larger organization.
When a supply chain attack is always a possibility, SMBs have to take action, including businesswide security training. About 1% of emails are considered malicious, and less than 10% of cyber crimes are done outside of email.
SMBs cannot afford to succumb to email Russian roulette. The "internet allows you to even the playing field" for bad actors, said Stamos, and assuming a small business is safe just because it's small is negligent.