Small and medium business (SMB) leaders have a lot on their minds. The looming recession and inflation created financial uncertainty. Meanwhile, the Global increase Sophisticated ransomware threats and geopolitical tensions are present Cyber threats are escalating.
With so many factors and pressures in play, how do SMBs navigate this challenging business landscape while waging war against cybercriminals?
Insight from OpenText Security Solutions’ 2022 SMB Global Ransomware Survey sheds light on priorities, concerns and security posture. Feedback from SMEs across a range of industries and countries confirms that security teams and the C-suite are concerned about increasingly sophisticated and relentless attacks.
Ransomware is a key concern for small and medium businesses:
A vast majority (88%) of SMBs indicated that they are concerned or very concerned about an attack affecting their businesses. This concern is exacerbated by rising geopolitical tensions. In fact, more than half (52%) of respondents now feel more at risk of suffering a ransomware attack due to these incidents.
The concerns of small and medium businesses are already becoming a reality. Almost half (46%) of SMBs have experienced a ransomware attack. Meanwhile, 66% of respondents are unsure or only somewhat confident that they can fend off a ransomware attack. Budget constraints and small security teams were cited as the main roadblocks.
Despite the concern, security awareness training is rare:
The vast majority of SMBs believe that a successful ransomware attack is the result of clicking on a malicious link or opening an email attachment. However, despite this knowledge of users as the preferred attack surface, many SMBs (based on action) do not view their employees as a first line of defense.
Sixty-seven percent of small and medium-sized businesses conduct security awareness training twice a year or less. Of these SMBs, 31% conduct security awareness training only once a year; 10% only if an employee fails a phishing test.
Fear that small security budgets will be reduced:
Sixty-seven percent of SMBs spend less than $50,000 a year on cybersecurity. While 59% reported plans to increase their security budget in 2023, 57% fear that inflation will lead to a change in plans that will result in budget cuts.
SMB security teams are spread thin; MSPs are an attractive option:
The majority (68%) of small and medium-sized businesses have less than five people on their security team. To alleviate resource constraints, more than half (58%) of respondents use external security management support. In the future, 65% of SMEs that do not currently use a managed service provider (MSP) for their security needs will consider doing so.
Fighting more, with less
Opponents have become increasingly sophisticated and relentless as the attack surface has only grown. Meanwhile, the fear of expected budget cuts impacting already overstretched security teams puts SMBs in a vulnerable position.
Ongoing education and awareness of new attack vectors and protection against common channels such as email are critical to achieving a cyber resilience posture. Monthly phishing simulations are a great way to keep users current and responsible. A multi-layered approach that includes email security, DNS filtering, endpoint protection, and backup and recovery is essential to reducing risk and exposure from attacks.
For more information, go to: https://www.opentext.com/products/security-cloud
