When almost 75 percent of IT security professionals serving SMBs are concerned about protecting customer data, there’s cause for concern. And that’s exactly what Boston-based EiQ Networks finds in its Q1 2017 survey about the state of the SMB cybersecurity landscape.
EiQ Networks, a provider of security monitoring and vulnerability and patch management solutions, polled more than 150 SMB IT security professionals—including IT security managers, security engineers, security officers, and IT administrators, among others—about their cybersecurity technology investment, ability to thwart attacks, and security priorities.
The results reveal, among other issues, a significant drop in respondents’ confidence in the security technologies they’ve deployed to protect against data breaches and asset theft. As compared with EiQ’s 2015 survey, when 26.8 percent of IT security professionals expressed confidence in their security posture, in 2017 fewer than 15 percent report confidence that currently deployed technologies will be successful in detecting and responding to cyberattacks.
Why? One reason is a lack of funding, with 86 percent noting that less than 10 percent of the IT budget is allocated to security. “One of the most striking results is how little [SMBs] are spending on cybersecurity as compared to the overall IT budget, despite the very high risks they face daily from ransomware, phishing, and zero-day attacks, to name just a few,” says Vijay Basani, founder and CEO of EiQ Networks.
Basani adds that in addition to a dearth of funds, SMBs lack security personnel. “Without the IT security resources and expertise necessary to continually monitor, detect, and respond to security incidents, SMBs are simply exposing themselves to loss of revenue, brand equity, IP, and customer data,” he says.
To improve security, Basani suggests channel pros determine where customer data is processed and stored, ensure that only authorized personnel can access it, and encrypt critical data as well as personally identifiable information. Also, monitor who is accessing privileged accounts. “User activity is important,” he says. “There are high-quality, affordable, third-party service providers who can help you with continuous security intelligence, monitoring, and vulnerability management. Make sure you are dealing with an AICPA (SOC 2) audited service provider.”