SMB Cyberattacks Spike, Getting More Sophisticated

For the third straight year, SMBs have reported a significant increase in targeted cybersecurity breaches with a high number of those involving loss of sensitive information about customers and employees.

That’s according to new Keeper Security/Ponemon Institute’s research, which surveyed nearly 2,400 IT and IT security practitioners. Attacks against U.S., U.K. and European businesses are growing in both frequency and sophistication, and nearly half of the respondents described their organization’s IT security as ineffective, with 39% reporting they have no incident response plan in place.

Keeper Security’s Michael Chester

Michael Chester, Keeper’s senior director of business development, tells Channel Partners that 35% of SMBs globally said lack of in-house expertise prevents their organization from having effective security. These SMBs are under attack, and more and more of them rely on MSSPs to advise them on IT security strategy and support IT security functions, he said.

“On average, 32% of a company’s IT security operations are supported by MSSPs, up from 29% in last year’s study,” he said. “Seventy percent of respondents say their MSSP monitors or manages firewalls or intrusion prevention systems (IPS). Since 2017, more SMBs have been engaging MSSPs to monitor or manage multifunctioning firewalls; 39% reported doing so this year, up from 28% in 2017.”

However, fewer respondents report using MSSPs to monitor or manage intrusion detection systems security gateways for messaging or web traffic, Chester said. Notably, 69% also said they have experienced an attack in the past year that got past their intrusion detection system, he said.

“MSSPs have the opportunity to address two key business challenges with an effective password management offering,” he said. “First and foremost … the inclusion of password management in an MSSP’s portfolio offers security benefits. Weak password security is the Trojan horse that can harm MSSPs and their clients’ organizations. Further, MSSPs can differentiate their service offering in a highly competitive market. After all, 54% of managed services providers cite marketing and sales as their primary pain points. “

Overall, attacks are increasing dramatically, as 76% of U.S. companies were attacked within the last 12 months, up from 55% in 2016. Globally, 66% of respondents reported attacks in the same time frame, according to the research.

Attacks are becoming more sophisticated, with phishing (57%), compromised or stolen devices (33%) and credential theft (30%) among the most common attacks waged against SMBs globally.

Globally, 63% of businesses reported an incident involving the loss of sensitive information about customers and employees in the past year. That number is 69% in the United States, up from 50% in 2016.

SMBs globally are adopting emerging technologies like mobile devices, IoT and biometrics despite a lack of confidence in their ability to protect their sensitive information, according to the research. Nearly half access more than 50% of their business-critical applications from mobile devices, yet doing so diminishes their organization’s security.

In addition, 80% of respondents think it’s likely that a security incident related to unsecured IoT devices could be catastrophic, yet only 21% monitor the risk of IoT devices…