Small security teams need to innovate to deal with threats
Companies with small security teams, generally SMEs, face a number of unique challenges which place them at greater risk than their larger enterprise counterparts.
This is among the findings of the 2021 CISO Survey of Small Cyber Security Teams from Cynet which also reveals that all of these companies are outsourcing at least some aspects of security threat mitigation in order to safeguard their IT assets.
The survey of 200 CISOs at small and medium size enterprises (SMEs) with five or fewer security staff members and cybersecurity budgets of a million dollars or less, finds that a majority of these organizations are overwhelmed by the endless volley of cyberattacks.
Of these CISOs 63 percent feel their risk of attack is higher compared to larger enterprises, despite the fact that enterprises are seen as a bigger target. 57 percent admit that their ability to effectively protect their companies is lower than they would like it to be.
In addition 57 percent of those surveyed say they do not have enough skill and experience to protect against cyber-attacks. 80 percent would like to invest in more automated security solutions as these companies look for innovative ways to do more with fewer resources. Consequently 100 percent of small security teams are outsourcing security mitigation to an external provider with 53 percent outsourcing to an MDR service and the balance outsourcing to an MSSP provider.
"This analysis looks at the reality of how CISOs with small security teams are taking on increasingly larger security challenges," says Eyal Gruner, CEO and founder of Cynet. "The result of this survey was a rare insight into the inner workings and dynamics of SMEs and a spotlight on how they are responding to the ongoing wave of criminal and state sponsored cyber-attacks."
It's clear from the results that smaller security teams do understand the value that solutions like endpoint detection and response provide. 87 percent of those using an EDR solution say it's valuable. However, 79 percent say it took their teams more than four months to finish their EDR deployment and become proficient in using the solution.
Key tactics used by these smaller operations to improve processes include investing in automated solutions and processes (80 percent), investing in security training and certifications (61 percent), consolidation of security tools and platforms (61 percent), replacement of complex security technologies (52 percent) and outsourcing to service providers to fill security tool gaps (51 percent).
You can register for a webinar to discover more about the findings.