Most small and medium businesses (SMBs) are not equipped to handle IT security concerns and distribute security responsibilities across other roles, a recent survey from Untangle reveals.
Although the vast majority (80%) of SMBs do consider security as being very important to their business, 52% admitted to have distributed security responsibilities instead of hiring an IT security professional, the research reveals.
According to the survey, which includes responses from over 350 SMBs globally, only 27% of respondents have a dedicated IT security professional on staff. However, 17% of respondents said a partner takes care of their security needs.
The research has revealed that 75% of SMBs have fewer than 5 physical locations and that 60% have fewer than 100 end-user devices to manage.
When it comes to IT security, however, limited resources represent a challenge for 47% of the surveyed SMBs. In fact, more than half of respondents said they had less than $5,000 per year for IT security, while half of them had less than $1,000 per year.
Respondents also revealed that limited time to research and understand new threats (37%), and the lack of manpower to monitor and manage security (34%) are challenging as well. 29% of the respondents revealed they had to deal with employees who do not follow rules.
“Considering Gartner estimates $96.3 billion to be spent on enterprise security solutions in 2018, the small budgets SMBs are given make it nearly impossible to stay ahead of emerging threats,” the report reads.
Almost 40% of SMBs revealed they have experienced a cyber-attack over the past 12 months, most of them being hit with malware and phishing. Ransomware was also encountered.
The research also discovered that 34% of the respondents do not have a Bring-Your-Own-Device (BYOD) policy in place. While this is a security risk, a mitigating factor is the fact that over 80% of businesses either do not allow third party devices on the network or have a separate network for them.
The respondents perceive firewall and network security solutions as having the highest importance when it comes to a purchase, with anti-virus or anti-malware solutions also considered important.
Most SMBs (76%) have at least three quarters of their infrastructure deployed on premise and 82% revealed they have less than 25% of their IT infrastructure deployed in the cloud.
“SMBs will always have to face limited budgets and resources allocated to IT security. However, as hackers become more sophisticated, it is crucial organizations take a proactive approach instead of waiting to see if they become a victim. Simple steps like separating the internal network from the public or mobile devices, and educating employees on what phishing attacks look like, can be vital for SMBs,” Untangle concludes.
Source: infosec island