SMEs under attack, security readiness still low

When it comes to securing their data, SMEs remain several steps behind their larger counterparts.

Some reasons for the disparity in security readiness may be that SMEs have not as often been the targets of hackers, privately held companies don’t face the same pressures for security as do their public-company counterparts, and that they simply may have pushed off the issue, according to Joakim Thorén, Versasec’s CEO.

As larger companies become increasingly sophisticated around security, hackers are re-aiming their sites at smaller companies, and many are simply not prepared. For instance, of those surveyed, nearly 40 percent admitted they would like to better understand smart card management tools to help them meet their company’s security needs.

Mobility is daunting

Respondents from companies of all sizes cited mobility as the technology that poses the greatest security concern for them (43 percent). Other concerns include cloud usage (32 percent) and external devices/BYOD implementations (22 percent). The crux here, however, is that although SMEs are mature enough to recognize these security challenges, they may not be ready yet to invest in addressing them, as is evidenced by the next data point.

Network security is a key focus

Survey respondents said network security, at 74 percent, was where they are focusing their security efforts this year. Other key areas for investments in security include physical security (43 percent), two-factor identification (41 percent), and cybersecurity (37 percent).

Heavy reliance on simple security

The vast majority of respondents (86 percent) say username and password are a primary method for authenticating access to their company’s data, despite the very public breaches faced by many companies over the last few years. Physical smart cards are in use at slightly more than half the companies (54 percent). Other methods the companies said they use include public key infrastructure (43 percent) and one-time password (31 percent). Biometrics and virtual smart cards are distant followers, at just 16 percent and 12 percent, respectively.

Budgets are not security focused

Slightly more than 40 percent of those surveyed said their companies have committed just 0 percent to 10 percent of their IT budget on security for 2016. Approximately 36 percent said security spending this year would consume between 10 percent and 25 percent of their budget. An additional 12 percent said they would spend between 25 percent and 50 percent of their budget on security.

“It will be interesting to look at these numbers in a year’s time and see whether the SMEs are stepping up their security spend, and why,” Thorén said. “For now, we are encouraged to see the interest in using smart cards as it’s the easiest and most cost effective way for securing a company’s IT domain today.”