Low Budgets, Limited Expertise Plague SMB Cybersecurity

In 2013, a Faronics/Ponemon study found that lack of budget and poor security skills were the primary causes behind the generally poor state of cybersecurity in small and medium-sized businesses (SMBs). But "the main reason I see," suggested Dmitry Shesterin, Faronics' VP of product management at the time, "genuinely and honestly, they do not care -- they concentrate on business."

Fast-forward six years and little has changed -- except that SMBs now do care. A new survey from Untangle indicates that 80% of small businesses now rank IT security as a priority for their business (slightly up from last year's finding of just less than 80%). However, the other problems persist: low security budget aggravated by minimal or no security staff.

Untangle queried 300 SMBs, with the most common staff level between 25 and 300 personnel, for its 2019 SMB IT security report. It found that 29% of these companies have an annual security budget of less than $1,000. Fifty-two percent have no dedicated security professional on staff, and instead distribute the responsibility across multiple other roles.

SMBs should realize that they are heavily targeted by cybercriminals, both in themselves and as part of the supply chain for larger organizations. According to the Verizon 2019 Data Breach Incident Report (DBIR), 58% of SMBs experienced a cyber incident in 2018. Furthermore, SMBs are less likely to have the resources to fully recover from a serious incident.

But despite the lack of focus on cybersecurity, SMBs are heavily reliant on cyber technology. Fifty-one percent have up to 100 devices connected to their network, and 40% operate in at least five different physical locations (remote or overseas offices and remote workers). Seventy-four percent have deployed at least part of their infrastructure to the cloud; but 63% have not deployed a firewall in the public cloud.

With such low security budgets (48% spend less than $5,000 annually) there is little room to improve security through security products -- and no room to employ a security specialist. The general situation is not new, and has led to an increasing use of available budget to outsource the solution. In 2017, a separate survey found that 80% of SMBs expected to use a third-party cybersecurity provider by the end of that year.

Untangle believes that the issues highlighted by SMBs are best solved by use of software-defined wide area networks (SD-WANs), which can improve business efficiency and increase security at a relatively low cost, usually with built-in compliance. Part of this is driven by the increasingly distributed nature of small and medium businesses and the growing use of cloud services -- but the lack of in-house security and technical expertise is slowing the realization. Currently, only 20% of SMBs are considering this as a solution.

"SD-WAN provides an easy way to connect branch offices together," explained Heather Paunet, VP of product management at Untangle. Untangle will shortly release a lightweight SD-WAN Router that can be deployed at branch offices. "It will connect all branch offices into one corporate network and use NG Firewall at HQ, or in the cloud," she explained.

The advantage of SD-WAN for distributed SMBs is basically twofold: increased business efficiency and improved security. Business tools, such as video conferencing, use more bandwidth than ever. Software-defined networking (SDN) can help with this by optimizing WANs already in use. Instead of keeping up with new technology by upgrading their internet connection, SMBs can adopt SDN to optimize the connection that they already have.

"SMBs are highlighting that they have the problems that are addressed with SD-WAN," explains Paunet. "However, they are also highlighting that they don't have the networking/security knowledge to be able to do the research to address these things. An MSP, when they see those problems, will suggest an SD-WAN Solution. An SMB may not always know SD-WAN can solve their issues (hence only 20%). Interestingly, we did a Partner (MSP) only survey for product research and in this one, 91% of partners surveyed were extremely, very or moderately interested in our upcoming Untangle SD-WAN Solution."

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.