Deficient cyber security blocks SME growth plans, report finds

Check Point Software Technologies sought to uncover how small and medium-sized enterprises (SMEs) are emerging from the pandemic, and how their business and technology needs are changing with the survey.

Eyal Manor, vice president of product management at Check Point Software, warned that due to a shortage of cyber security workers at SMEs, a different approach is required.

“It is reassuring that SMEs have increased their investment in cyber security to support business growth and the new hybrid work model but having the correct mix of security products is only part of an effective strategy.

“Because there is a shortage of cyber security workers for SMEs, they require security solutions that deliver proven threat prevention, are extremely simple to deploy and manage, and offer the flexibility of an ‘all-in-one’ solution that combines security and internet connectivity,” Manor said.

“SME security providers should use a prevention-first approach and one that cuts down TCO by reducing the need to manage additional staff or security expertise.”

The Check Point survey reflects that a majority of organisations including SMEs have embraced cloud, mobile, and SaaS technologies in recent years. Compared with pre-pandemic levels, there has been an increase in IT spending to drive business growth. SMEs have accepted that the hybrid work model is here to stay and therefore have increased their investment in communication technologies and services to support remote workers.

With remote workers using home and office access points, the attack surface has expanded thereby increasing the risk of cyber attacks. With the increase in supply chain attacks across the industry, cyber criminals are increasingly using more vulnerable SMEs as an entry point into larger enterprises. According to Check Point, this approach wreaks havoc on both the SMEs, and all the enterprises they interact with.

Given the global cyber security skills shortage, SMEs are struggling to properly secure their critical assets, making them a growing target for cyber criminals. Larger enterprises usually have bigger IT budgets and security resources, so they can recover more easily from a cyber attack. For SMEs, a cyber attack can be fatal to their business. The survey found that two of the biggest impacts that cyber attacks have on SMEs include lost revenue (28 per cent) and the loss of customer trust (16 per cent).

VIEW ALL

SMEs struggle with a lack of expertise and require additional support

Less than a quarter (22 per cent) of respondents felt they were extremely well protected against cyber attacks, and only a minority have internal security specialists or are working with a third party. This means that a large number of SMEs either have no security products in place or these products are managed by non-specialist staff.

While there is a significant rise in the number of SMEs working with managed service providers (MSPs) to help address IT issues, around a third of respondents noted they would like additional help from their MSP in upgrading security.

Cyber security as an investment

The SMEs surveyed clearly recognised the disastrous effects of a cyber attack on their company but seemed to agree that they had inadequate security budgets.

Security vendor solutions priced beyond their budgets was identified as a key challenge to having effective cyber security capabilities. Something has to change to enable SMEs to take a longer-term view of the value of cyber security so that they can invest today to protect their growth tomorrow.

SMEs are adapting to the “new normal” but mobile security is lacking. SMEs are expecting 40 per cent of their employees to continue working remotely for at least some of the time. The highest priority in all countries was to ensure that IT can be managed and supported remotely, validated by additional laptop purchases and increased VPN capacity. However, the survey also shows that the take-up rate of even basic security products is low. The most adopted service, endpoint protection, is only used by 67 per cent of respondents and less than half have any form of mobile security.

SMEs should also be looking for a consolidated and unified security suite, Manor further explained, noting that that achieves a high level of protection across their network, endpoints, mobile and email.

“SMEs should also consider leveraging third party managed service providers to gain access to experienced cyber security professionals at an affordable cost.

“Third party advisors can provide expert advice on the best security solution for each SMB along with training and ongoing support.”

Research firm Analysys Mason conducted the SME cyber security market survey based on 1,150 small and medium-sized businesses (SMB) across the US, Germany, UK and Singapore for Check Point.

[Related: Half a million customers at risk after Aussie wine retailer hit by cyber attack]