Large businesses struggle to tackle cyber threats
Large businesses are finding it significantly more difficult to manage their cybersecurity than their smaller counterparts, according to new research from passwordless authentication company IDEE.
Based on a survey of more than 500 IT and cybersecurity professionals within UK businesses, the data reveals that 74 percent of respondents from large businesses (more than 500 employees) believe it has become far more challenging to defend against cyber attacks since the Covid-induced rise of remote and hybrid working.
However, only 50 percent of respondents from small businesses (less than 50 employees) say the same thing. Just 36 percent of small businesses said that a lack of skills and knowledge is a major cyber security challenge. In comparison, this figure rises to 68 percent among large businesses.
While 54 percent of large businesses say they need to simplify their cybersecurity solutions so that staff can properly engage with them, this figure drops to 36 percent among small businesses. 74 percent of large businesses say human error is the greatest threat to their cybersecurity, compared to only 41 percent of small businesses.
Large businesses though do seem to be more aware of the risks. 92 percent of respondents from large businesses say they understand the financial costs that are associated with a cyber breach, compared to 73 percent of respondents from small businesses.
Al Lakhani, CEO of IDEE, says:
The lyrics 'mo money, mo problems' spring to mind when looking through these statistics. On the one hand, cyber security professionals in large businesses clearly have a better grasp on the cyber threats they face and the damage that can be done, but they still struggle much, much more to defend against them.
More employees, more systems, larger supply chains, reliance on legacy IT -- there are numerous reasons why cyber security becomes more challenging the bigger a business gets. But recent headlines of breaches involving the Bank of America breach underline that enterprises are also a victim of their own outdated, backward approach to cybersecurity.
Account takeover is only possible in three ways -- credentials compromise, vulnerabilities, and backdoors. Shockingly, more than 80 percent of attacks occur due to credentials compromise. But too many blue chips still rely on detection methods that have consistently fallen short in foiling account takeover attacks, rather than embracing preventative solutions. So, I hope that now marks the turning point in eliminating credentials-based attacks and that, as an industry, we turn to a digitally secure future built on transitive trust and identity proofing.
You can read more on the IDEE blog.
Image credit: alexskopje/depositphotos.com