More than 50% of SMBs have been breached in the last 12 months, according to a North American study by the the Ponemon Institute.
No business is too small to evade a cyber attack or data breach and businesses across all industries are impacted by this threat. Only 14% of the companies surveyed rated their ability to mitigate cyber attacks as highly effective.
Low confidence in SMB cybersecurity posture
Confidence in SMB cybersecurity posture is so low primarily because personnel, budget and technologies aren’t sufficient. Additionally, IT security priority determination is not centralized to one specific function in a company, therefore reducing accountability and resulting in less informed decision making.
Most prevalent attacks
The most prevalent attacks against smaller businesses are web-based and involve phishing and social engineering breaches. Widely adopted technologies such as anti-virus are still useful, but they can not be depended on to protect against exploits and cyber attacks. Three out of four SMBs reported that exploits have evaded their anti-virus solutions.
Lack of control and visibility
The study found that SMBs have a major lack of control and visibility when it comes to employee password security. Strong passwords and biometrics are believed to be an essential part of a security defense, yet 59% of respondents say they have no visibility into employees’ password practices and hygiene and 65% do not strictly enforce their documented password policies.
“We’ve conducted many surveys on enterprise cybersecurity in the past but this unique report on SMBs sheds light on the specific challenges this group faces,” said Dr. Larry Ponemon, Chairman of the Ponemon Institute. “Considering the size of the SMB market in the United States alone, this information can be useful to diminish the risk of breach to millions of businesses.”