Tuesday, 17th September 2019

SMBs exposed to critical security risks

Nearly 70% of SMBs have not identified and documented cybersecurity threats.

Results of more than 1,000 risk assessments completed by ConnectWise partners reveal that a majority of small and medium-sized businesses (SMBs) do not have cybersecurity protection at the top of their agenda and are highly prone to risks and vulnerabilities. The risk assessments reveal that an alarming 69% of SMBs have not identified and documented cybersecurity threats, while two-thirds (66%) have not identified and documented cybersecurity vulnerabilities.

Beginning in fall 2018 and continuing through this spring, ConnectWise’s managed service provider (MSP) partners around the world were offered free risk assessments using a tool from Sienna Group – now known as ConnectWise Identify – to assess their SMB customers’ security posture against a wide variety of malicious cybersecurity threats. While these assessments are still ongoing, results from the first 1,000 showing the top risks SMBs face have now been completed.

Data from the assessments also revealed the following facts about SMBs:
  • More than half (57%) have not informed and trained all users on cybersecurity
  • Almost half (48%) have not analysed cybersecurity attack targets and methods
  • Almost half (48%) do not have a response plan for a cybersecurity incident
  • Over two-fifths (43%) do not have a recovery plan for a cybersecurity incident

“These results highlight how unprepared many small business owners still are for cybersecurity attacks. Partly due to the intense media focus on massive security breaches like Equifax and Marriott, many SMBs continue to operate under the belief that security breaches only impact large enterprises,” said John Ford, chief information security officer, ConnectWise. “The fact that almost 70% of SMBs hadn’t identified and documented cybersecurity threats is a serious concern, as sensitive company, employee and customer data would be susceptible to any type of cyberattack whether it is ransomware, malware, taking down the company’s site via a DDoS attack, or any other type of malicious activity taking place in this day and age.”

Attacks on SMBs are on the rise, and the associated costs can be detrimental to their business. In fact, the average cost from damage or theft of IT assets and infrastructure increased from $879,582 to $1,027,053 and the average cost of the disruption to normal operations increased from $955,429 to $1,207,965 according to the Ponemon Institute: 2017 State of Cybersecurity in SMB study.

As a result, SMBs are projected to grow their spending on remote managed security to an estimated $21.2 billion by 2021, making it the highest growth area in the managed services market.

“SMBs must consider the risks associated if such an attack were to take place, as it would not just affect the company financially and its reputation, but its detrimental impact could even shut an organisation down,” Ford continued. “This is why it’s important for them to work with MSPs to understand where their cybersecurity risks lie and how they can be remediated.”

Findings reveal that 37% of respondents have reported an incident to the ICO in the past 12 months,...
Nearly one-third (32%) of IT group employees in SMBs and mid-market enterprises globally said their...
Two-thirds of enterprises are s.truggling to embed security in the enterprise-IT architecture
Ping Identity has published two new white papers from its CISO Advisory Council on securing customer...
While only a third say regulatory change triggers purchase of new technology.
Respondents identify people as biggest source of cyber threats, with Facebook and BA as most notable...
Research reveals that companies investing in the latest cyber security products and services are ris...
New levels of industry collaboration will protect and secure people, processes and technology.