Companies with small security teams, generally SMEs, are facing a number of unique challenges, placing these organizations at greater risk than their larger enterprise counterparts, according to Cynet. These enhanced risks are moving 100% of these companies to outsource at least some aspects of security threat mitigation in order to safeguard IT assets.
In this survey of 200 CISOs at SMEs with five or fewer security staff members and cybersecurity budgets of $1 million or less, it was found that a majority of these organizations were overwhelmed by the endless volley of cyber attacks.
This has been due in large part because SMEs are inundated by many of the same threats facing larger organizations, but lack the financial resources, specialist staff, training and proper tools to consistently remediate threats.
Small security teams and cyber attacks: Key survey results
- 63% of these CISOs feel their risk of attack is higher compared to enterprises, despite the fact that enterprises have a larger target on their back.
- 57% of CISOs admitted that their ability to effectively protect their companies is overtly lower than they would like it to be.
- 57% of companies indicated they do not have enough skill and experience to protect against cyber attacks.
- 80% of responding CISOs said they would like to invest in more automated security solutions as these companies look for innovative ways to do more with fewer heads.
- As a result of the aforementioned, 100% of small security teams are outsourcing security mitigation to an external provider with 53% outsourcing to an MDR service and the balance outsourcing to an MSSP provider.
EDR solution valuable for orgs with limited security teams
An advantage that organizations with limited security teams have is their understanding of the value that solutions like EDR (Endpoint Detection & Response) provide. 87% of those using an EDR solution said it was valuable.
However, the vast majority of respondents (79%) said it took their teams more than four months to finish their EDR deployment and become proficient in using the solution.
The top tactics used by these smaller operations to improve processes was to invest in automated solutions and processes (80%) followed by investments in security training and certifications (61%), consolidation of security tools and platforms (61%), replacement of complex security technologies (52%) and outsourcing to service providers to fill security tool gaps (51%).