Study: Cybersecurity Continues to Be Top Concern Among SMBs

Cybersecurity continues to be the top concern of IT professionals in Small and Midsize Businesses (SMBs). Even though SMBs are aware of this concern, they’re struggling with many of the same challenges IT firms are combatting daily. A major struggle includes the cybersecurity workforce gap. To get around this, SMBs are looking elsewhere for help.

A report, titled “The 2019 Kaseya State of IT Operations Report for Small and Midsize Businesses,” paints a bleak picture of the ever-expanding cybersecurity threat landscape for SMBs.

Regarding security, Kaseya’s report highlighted three key takeaways: improving security is the top priority among SMBs; cybercriminals are attacking SMBs; and even though SMBs are better prepared to combat ransomware, the attacks are growing.

While enhancing security measures is a top priority, many challenges await organizations

The study found that improving security is the number one priority for 57 percent of IT professionals; however, even though they’re aware of what needs to be done from an IT standpoint, IT professionals are facing many challenges when attempting to execute company initiatives designed to enhance cybersecurity measures.

For example, a top challenge many IT professionals are facing in the cybersecurity field is there’s a growing skills gap among cybersecurity professionals, which isn’t expected to narrow anytime soon; this makes it more difficult for IT professionals to accomplish what need they need to achieve.

Many IT professionals are witnessing the growing skills gap among cybersecurity professionals at their companies firsthand. That’s why 53 percent of IT professionals believe there’s a shortage of cybersecurity skills at their organizations, according to a January 2019 report conducted by IT research firm ESG. While their concerns are justified, IT professionals have nowhere to turn for relief; the cybersecurity labor markets aren’t offering any timely solutions — and things are getting worse.

Unfilled cybersecurity jobs are expected to hit 1.8 million by 2022, up 20 percent from 1.5 million in 2015, according to the Center for Cyber Safety and Education. This is a problem for not only IT professionals looking to grow their cybersecurity teams but SMBs in need of additional protections.

Additionally, typical IT positions are a lot easier to fill than cybersecurity roles. On average, IT jobs take 41 days to fill; however, cybersecurity roles take 50 days, according to a Burning Glass study. Cybersecurity jobs are taking 20 percent longer to fill than typical IT roles.

The growing skills gap among cybersecurity professionals isn’t the only top IT challenge for SMBs.

The cybersecurity threat landscape continues to evolve, now impacting more SMBs

Even though cybercriminals have traditionally targeted enterprise organizations, they’re now infiltrating the networks and systems of SMBs, so nobody’s immune to data breaches in 2019.

Sometimes the truth hurts, but it’s better SMBs are aware of it. In 2018 alone, 43 percent of breaches impacted SMBs in some way or another, according to the Verizon Data Breach Investigations Report for 2019. This number should be a concern for any SMB, no matter how many employees it has.

Kaseya’s recent report on SMB IT operations also highlighted frightening statistics for SMBs. More than 30 percent of respondents experienced a security breach in the past five years, the report found.

Even though that number’s high, it fell slightly from 35 percent in 2018, so that’s some good news — on top of what’s recently been revealed about ransomware attacks.

Ransomware attacks are growing, but SMBs are better prepared now than they’ve been

Ransomware attacks aren’t going away anytime soon.

They’re expected to continue to increase in number. These attacks are growing more than 350 percent annually, according to a report by Cisco; however, SMBs seem to be doing a better job at defending against and responding to ransomware attacks.

For example, only 12 percent of Kaseya’s survey’s respondents experienced a ransomware attack in the past year, a drop of 10 percent from 2018.

What attributed to the decrease in ransomware attacks? An increase in IT professionals educating employees on email phishing scams, which can lead to ransomware attacks. Unfortunately, if internal IT professionals are bogged down with other work, they may not have the opportunity to educate.

As the cybersecurity threat landscape continues to evolve, IT professionals within SMBs are doing their best to control what they can, but when they’re operating in environments where resources are limited, especially due to outside circumstances, it becomes rather difficult for them to manage environments, which is why many SMBs are outsourcing their cybersecurity to external IT providers.