SMBs Threatened by Gaps in Cybersecurity According to New Report From Devolutions
Survey of IT Decision-Makers Reveals 76% of SMBs Do Not Have a Fully Deployed PAM Solution Despite 78% Citing Its Importance to Cybersecurity
Software developer Devolutions today announced results from its first cybersecurity survey, which polled IT decision-makers from small and mid-sized businesses (SMBs). Devolutions compiled the results from this survey into a report titled, “The State of Cybersecurity in SMBs in 2020.”
Among the most notable findings: 78% of SMBs indicated that having a privileged access management (PAM) solution in place is important to a cybersecurity program – yet 76% of respondents said that they do not have one that is fully deployed. While it’s a positive trend that the majority of SMBs recognize the importance of having a PAM solution, the fact that most of the respondents don’t have a PAM solution in place reflects that there is inertia when it comes to deployment.
The Numbers Are Staggering – and SMBs are Not Immune
Global cybercrime revenues have reached $1.5 trillion per year. And according to IBM, the average price tag of a data breach is now $3.9 million per incident. Despite these staggering figures, there remains a common (and inaccurate) belief among many SMBs that the greatest security vulnerabilities exist in large companies. However, there is mounting evidence that SMBs are more vulnerable than enterprises to cyberthreats – and the complacency regarding this reality can have disastrous consequences.
Says Devolutions CEO David Hervieux, “SMBs must not assume that their relative smaller size will protect them from cyberattacks. On the contrary, hackers, rogue employees and others are increasingly targeting SMBs because they typically have weaker – and, in some cases, virtually non-existent – defense systems. SMBs cannot afford to take a reactive wait-and-see approach to cybersecurity because they may not survive a cyberattack. And even if they do, it could take several years to recover costs, reclaim customers and repair reputation damage.”
Key Findings from the Survey
To dig deeper into the mindset of SMBs about cybersecurity, Devolutions conducted a survey of 182 SMBs from a variety of industries – including IT, healthcare, education, and finance. Some notable findings include:
- 62% of SMBs do not conduct a security audit at least once a year – and 14% never conduct an audit at all.
- 57% of SMBs indicated they have experienced a phishing attack in the last three years.
- 47% of SMBs allow end users to reuse passwords across personal and professional accounts.
These findings reinforce the need for better cybersecurity education for smaller companies. In addition to providing key findings, Devolutions’ report delves into what measures SMBs are taking to protect themselves from cybercrime and what they predict the cybersecurity landscape will look like in the future. It also includes recommendations as to how SMBs can improve their cybersecurity efforts moving forward.
Adds Hervieux, “Conducting this survey reaffirmed to us that while progress is being made, there is a still a lot of work to do for many SMBs to protect themselves from cybercrime. We plan to conduct a survey like this each year so that we can identify the most current trends and in turn help our customers address their most pressing needs.”
The Role of MSPs
One way for SMBs to close the cybersecurity gap is to seek out a trusted managed service provider (MSP) for guidance and implementation of cybersecurity solutions, monitoring and training programs. Because SMBs do not typically have huge IT departments like their enterprise counterparts, they often look to outside resources. MSPs have an opportunity to strengthen their relationship with existing customers and expand their client base by becoming cyber experts who can advise SMBs on various cybersecurity issues, trends and solutions – as well as offer the ability to promptly respond to any security incidents that may arise and take swift action. “We expect more and more MSPs will be adding cybersecurity solutions and expertise to their portfolio of offerings to meet this demand,” concludes Hervieux.
Prevent Privileged Account Abuse
Organizations must keep critical assets secure, control and monitor sensitive information and privileged access, and vault and manage business-user passwords – all while ensuring that employees are productive and efficient. This is not an easy task for SMBs without the right solution in place. Many PAM and password management solutions on the market are prohibitively expensive or too complex for what SMBs need. Devolutions offers a suite of IT solutions designed specifically for SMBs – these products include remote connection, remote access, password and privileged access management. Each of these solutions can play a pivotal role in boosting cybersecurity.