A recent SMB IT security survey has revealed that while security spending has increased by 17% year over year, IT professionals are less confident in their ability to prevent data breaches. That is not surprising given that 68% have reported having experienced at least one data breach in the past 12 months, 29% of organizations experienced a phishing attack, and 18% have had to deal with a ransomware infection.
The SMB IT security survey was conducted by Osterman Research on behalf of Internet security firm Cyren. When asked about the main threats and how well protected their organizations were, fewer than 50% believed their defenses were good enough to prevent threats such as phishing, ransomware, and zero-day exploit attacks.
Respondents were asked about their biggest security concerns. 62% of respondents were concerned or very concerned about ransomware, 61% about phishing attacks, 54% about breaches of sensitive or confidential data, and 41% feared targeted attacks and zero-day exploits.
Security breaches can be incredibly costly for SMBs. The survey revealed SMBs were committing an average of 152 man-hours to resolve each breach. SMBs can ill afford to devote the time to deal with breaches. More than half of the businesses surveyed had fewer than two dedicated members of IT staff on their security teams, while 80% of the smallest businesses – with 100-500 employees – said they had fewer than 2 members of IT security staff.
Interestingly, SMBs do not appear to be particularly concerned about employees who violate company policies and take risks that could result in a network compromise. Only 24% of SMBs were concerned about shadow IT, 17% about personal use of social media networks, and 16% about employees viewing website content that breached company policies – porn for example.
The survey showed IT managers are increasingly choosing cloud-based security solutions over on-premise options, with 29% preferring the former and 32% preferring the latter. Last year, when the survey was conducted, only 21% of SMBs said they preferred cloud based SaaS security solutions.
57% of respondents to the SMB IT security survey said they used a SaaS solution to secure their email and just 18% of surveyed companies were using SaaS web security. Only half of SMBs were using security solutions for company owned mobile devices and one fifth were using security solutions on BYOD devices. Many businesses are therefore taking a big risk and it is understandable with such gaping security holes at many organizations, why confidence in security defenses is not particularly high.