Remote workforces at SMBs are being left unprotected
Cyberattacks and other threats aren't limited to large organizations, indeed SMBs are often targeted as they are seen as having fewer resources to devote IT security defenses, particularly related to remote workers.
A new survey from software company Devolutions bears out this view, with only 18 percent of SMBs checking all the requisite IT security boxes and 13 percent not implementing any essential IT security measures at all.
The report shows 75 percent of SMBs surveyed are allowing some or all employees to adopt hybrid work, placing a heavier burden on security due to the expanded size of the attack surface. It also finds that 67 percent of respondents are more concerned about IT security now compared to a year ago.
Top concerns include ransomware (81 percent), phishing (69 percent) and malware (38 percent). It also reveals that 60 percent of SMBs have experienced at least one cyberattack over the last year and 18 percent have experienced six or more. Yet 44 percent of respondents indicate that they don’t have a comprehensive and updated cybersecurity incident response plan in place.
While 98 percent of respondents say they are managing access to privileged accounts, only 12 percent say they have a fully deployed PAM solution in place.
"We've had countless SMBs tell us that deploying a full PAM solution is too expensive or complicated and what they have is 'good enough' -- but it's just not the case," says Devolutions CEO David Hervieux. "In the report's recommendations, we discuss what PAM features and functions are appropriate for SMBs as well as best practices for governing privileged accounts and credentials. It doesn’t have to break the bank to be effective."
On a more positive note budgets are increasing. It's widely recommended that SMBs allocate between six and 15 percent of their organization's IT budget to IT security. The survey finds that 68 percent of SMBs fall in that recommended range. This is significantly higher than in last year's survey, which found that just 32 percent of SMBs were allocating six to 15 percent of their overall IT budget to IT security.
You can read more on the Devolutions blog and there's an infographic summary of the findings below.