COVID-19 Strains Small/Medium Business Security Teams, Report Says

 In COVID-19


COVID-19 Strains Small/Medium Business Security Teams, Report Says

Small and mid­sized busi­ness­es (SMBs) are under increas­ing strains caused by the huge work-from-home surge result­ing from the COVID-19 pan­dem­ic, says a new report.

The report, 2020 SMB IT Security, comes from SMB secu­ri­ty spe­cial­ist Untangle, which in its 2019 report high­light­ed how cloud-based ser­vices and the increas­ing number of branch office net­works are pro­mot­ing the rise of soft­ware-defined wide-area net­work­ing (SD-WAN).

This year, famil­iar themes are report­ed — such as budget con­straints ham­per­ing secu­ri­ty — but COVID-19 intro­duces a new factor as most busi­ness­es have shift­ed at least part of their work­forces to remote work, which some plan on con­tin­u­ing post-pan­dem­ic. That latter find­ing reaf­firms what some have referred to as “the new normal” of per­ma­nent remote work.

“As the abnor­mal becomes our new normal, SMBs need to approach remote work by using a com­bi­na­tion of cloud-based appli­ca­tions and on-premis­es solu­tions to keep employ­ees and sys­tems safe, and ensure busi­ness con­ti­nu­ity,” said Scott Devens, CEO at Untangle.

The com­pa­ny’s report is based on a survey of more than 500 SMBs, find­ing that:

  • 88 per­cent of busi­ness­es sur­veyed tran­si­tioned at least some of their work­force to work­ing remote­ly
  • 33 per­cent have tran­si­tioned 100 per­cent of their work­force to work­ing remote­ly
  • 56 per­cent of respon­dents will con­tin­ue to have some employ­ees work from home per­ma­nent­ly

Devens touted tech­nolo­gies with multi-lay­ered net­work secu­ri­ty tools and hybrid net­work infra­struc­tures, includ­ing SD-WAN, to avoid large-scale net­work vul­ner­a­bil­i­ties for orga­ni­za­tions of all sizes. Untangle sells an SD-WAN router among its secu­ri­ty wares.

Even amid the pan­dem­ic, how­ev­er, some things remain the same for SMB secu­ri­ty teams, includ­ing budget con­straints top­ping the list of secu­ri­ty bar­ri­ers.

Last year’s survey report­ed top bar­ri­ers thusly:

  • Budget con­straints — 48 per­cent
  • Limited time to research and under­stand new threats — 36 per­cent
  • Rogue employ­ees who do not follow guide­lines — 32 per­cent

This year’s lists the same bar­ri­ers but in a dif­fer­ent order:

  • Budget con­straints — 32 per­cent
  • Employees who do not follow IT secu­ri­ty guide­lines — 24 per­cent
  • Limited time to research and under­stand emerg­ing threats — 14 per­cent

Another peren­ni­al prob­lems is small bud­gets, with many report­ing annual bud­gets of less than $1,000.

Annual IT Security Budgets for SMBs
[Click on image for larger view.] Annual IT Security Budgets for SMBs (source: Untangle).

“Of the 500 SMBs sur­veyed, 74 per­cent ranked net­work secu­ri­ty as a pri­or­i­ty for their busi­ness,” the report says. “Even as such, year over year, more SMBs are asked to do more with less. In this year’s survey, 38 per­cent of SMBs have $1,000 or less allo­cat­ed to their IT Security budget, in com­par­i­son to 29 per­cent in 2019 and 27 per­cent in 2018. With lim­it­ed resources, SMBs have had to find cre­ative ways to imple­ment net­work secu­ri­ty poli­cies and pro­ce­dures through­out the orga­ni­za­tion.

“One of those ways, accord­ing to 72 per­cent of survey respon­dents, is to spread IT respon­si­bil­i­ty across all depart­ments inter­nal­ly. This means that a single indi­vid­ual can wear mul­ti­ple hats within one busi­ness. Many times this helps a busi­ness main­tain a lean work­force and meet rev­enue goals, but it can also mean large holes in the net­work. If a single employ­ee is respon­si­ble for man­ag­ing oper­a­tional plat­forms, daily HR duties, and direc­to­ry access, one or more of these may fall to the way­side, leav­ing out­dat­ed soft­ware or hard­ware open for cyber crim­i­nals to take advan­tage of.”

Other high­lights of the report include:

  • 64 per­cent of SMBs deployed a por­tion or all of their IT infra­struc­ture in the cloud.
  • SMBs rank fire­walls (82 per­cent), antivirus pro­tec­tion (57 per­cent), end­point secu­ri­ty (48 per­cent), archiv­ing man­age­ment and backup and VPN tech­nolo­gies, (47 per­cent), and web fil­ter­ing (40 per­cent) as the most impor­tant fea­tures when con­sid­er­ing which IT secu­ri­ty solu­tions to pur­chase.
  • While SMBs have adopt­ed a hybrid on-premis­es/­cloud-based IT infra­struc­ture for busi­ness appli­ca­tions, with a small per­cent­age increase of cloud deploy­ments com­pared to last year, most SMB’s (71 per­cent) have their fire­wall on site rather than in the cloud.
  • 48 per­cent oper­ate in more than two loca­tions, making SD-WAN an ideal tech­nol­o­gy for them.
  • 45 per­cent, indi­cat­ed that they have adjust­ed or reeval­u­at­ed their IT secu­ri­ty roadmap based on recent secu­ri­ty breach­es and ran­somware attacks.
  • Of those SMBs sur­veyed and who expe­ri­enced a data breach within the last 12 months, 15 per­cent were able to stop the attack or any unau­tho­rized access before sen­si­tive data was extract­ed.

The report is avail­able for free upon pro­vid­ing reg­is­tra­tion infor­ma­tion.

It joins others that have illus­trat­ed heightened cybersecurity threats amid the pan­dem­ic. For exam­ple, last month, VMware Carbon Black’s latest secu­ri­ty threat report warned of over­loaded secu­ri­ty teams, a sea of dis­tract­ed new remote work­ers expos­ing more vul­ner­a­bil­i­ties and new attack vec­tors to worry about.

“The fear and para­noia cours­ing through the world left orga­ni­za­tions par­tic­u­lar­ly vul­ner­a­ble to cyber­at­tacks — which shot up by an esti­mat­ed 66 per­cent” after the pan­dem­ic hit, says the fifth install­ment of VMware Carbon Black’s semi­an­nu­al Global Incident Response Threat Report.

Also last month, we report­ed on how the inter­na­tion­al police orga­ni­za­tion INTERPOL said “fear and uncertainty” help hack­ers exploit the pan­dem­ic.

Another report indi­cates orga­ni­za­tions have adjust­ed their pri­or­i­ties amid COVID-19, focus­ing on cybersecurity, cloud and AI.

About the Author

David Ramel is an editor and writer for Converge360.

Virtualization & Cloud Review source|articles

Recommended Posts

Start typing and press Enter to search