Improving cybersecurity remains the top priority for SMBs, and is cited nearly twice as often as the next closest concern (capacity and infrastructure), when looking ahead to 2019.
That's according to the results of Kaseya's fourth annual IT operations benchmark survey, which offers insights into how IT groups at SMBs are faring as IT management demands grow in both number and complexity. The survey, based on input from nearly 1,300 global respondents, revealed a number of emerging trends, indicating that change is afoot in the IT operations landscape.
Mike Puglia, Kaseya's chief strategy officer, tells us there is "no shortage of challenges for IT as the landscape continues to not only grow in size but also complexity."
"But with these challenges are areas of opportunity, such as leveraging advanced automation capabilities to both safeguard networks against malicious activity, such as ransomware, and enable compliance with government regulations such as General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA). Vulnerability management is another area of opportunity to help prevent outages."
One in three SMBs has experienced a security breach in the last five years and more than one in 10 have within the last year, according to the survey. As a result, it’s no surprise that security remains the top IT priority for SMBs, with more than half (54 percent) citing it as their main concern in 2018, up 14 percent from 2017. Looking ahead to 2019, nearly 60 percent of respondents anticipate security to be their primary concern in the coming year.
"(Last year) was a remarkable year with global-scale threats like the WannaCry, Petya and Bad Rabbit ransomware attacks, Equifax’s data breach, potential election meddling, and the list goes on," Puglia said. "While it’s no surprise that security breaches are a constant risk and reality for IT organizations, what was revealing was the scale at which SMBs are being targeted."
Respondents also cited data backup and uptime as critical to their operations. Eighty-six percent reported they experienced at least one IT network outage lasting longer than 5 minutes during the past year, and 45 percent reported having two to four outages lasting longer than 5 minutes. Fortunately, it's possible to mitigate the potential impact of downtime with an effective multiprong backup strategy that organizations are readily engaged in, according to Kaseya.
When it comes to backup and recovery, almost all (90 percent) back up servers and another 69 percent back them up both locally and onsite. Also, nearly 40 percent reported they run automated disaster recovery and have a formal, management-approved business continuity and disaster-recovery plan in place. On average, respondents rely on four backup and recovery technologies, demonstrating the "critical nature" of these offerings, according to the report.
SaaS application adoption is on the rise, with Microsoft Office 365 leading the way as the most deployed solution (72 percent) followed by Dropbox (29 percent), and Salesforce and Google Suite both coming in with 17 percent. Slightly more than one-half of the survey’s respondents use a third-party vendor to protect at least some of their data.
The Payment Card Industry (PCI) Data Security Standard, HIPAA and the Health Information Technology for Economic and Clinical Health Act (HITECH) are the most common compliance requirements respondents adhere to, comprising 64 percent. Though now underway, GDPR showed that it's still a new standard that global companies are coming to grips with, as just 11 percent of companies adhered to it at the time of the survey commissioning.
Eighty-four percent audit endpoints as part of their asset-management processes. Of those, 68 percent track operating system information, 64 percent track installed software, and almost half track software-licensing data.
As IT influence grows, understanding where strengths lie is critical to informed decision making about what must be improved or outsourced, Kaseya said. When asked to rate effectiveness in optimizing IT efficiency, the following technologies and strategies were the most common areas of expertise: centralized antivirus/anti-malware scanning (77 percent), data storage and backup (75 percent), server monitoring (68 percent), centralized patch management (63 percent), and remote device access/control (61 percent).
"IT relied heavily on automation and an ability to tackle new technology implementations as the proof of its value," Puglia said. "But 2017 will likely be seen as the year IT earned its new badge of value: protecting the business from the modern threat landscape. Our survey indicates that IT is indeed seen as strategic, but this is increasingly attributable to its ability to secure and protect the network against outages. In response, IT’s priorities have shifted to be almost singularly focused on network and data protection."
In its recent SMB cybersecurity preparedness report, Webroot found 100 percent of SMBs are conducting some form of employee cybersecurity training and 79 percent said they aren’t completely ready to manage IT security and protect against threats. Also, phishing was cited as the No. 1 attack SMBs believe they will be most susceptible to this year.