A couple of weeks into National Cybersecurity Awareness Month in the U.S., the Ponemon Institute has released the results of the 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses. The report, commissioned by Keeper Security, is based on in-depth interviews with 2,391 IT and IT security practitioners in the U.S., U.K., Germany, Austria, Switzerland, Belgium, Netherlands, Luxembourg, Denmark, Norway, and Sweden.
This year’s findings uncovered an increasingly dangerous cybersecurity threat environment for small and medium-sized businesses (SMBs) around the world, with SMBs in all surveyed countries reporting significant increases in targeted cybersecurity breaches. Sixty-six percent of SMBs around the world reported experiencing cyber attacks in the past 12 months, and nearly three-quarters (72%) have been attacked within their companies’ lifetime.
Cybercriminals Are Using More Sophisticated Attack Methods
The report also found that cybercriminals have upped the ante and are using more complex, targeted methods to attack SMBs and steal sensitive data.
SMBs can no longer depend on technical security defenses. Over the past year, 69% of SMBs worldwide experienced cyber attacks that got past their intrusion detection systems, and 82% were targeted by attacks that their antivirus solutions didn’t catch.
Company insiders are the biggest threats to SMB cybersecurity. Sixty-three percent of SMBs globally reported a data breach in the past 12 months that was traced back to employee or contractor negligence.
Cybercriminals are using social engineering tactics to steal passwords. Among the top cyber attack methods used against SMBs in the last 12 months were phishing/social engineering (57%), compromised or stolen devices (33%) and credential theft (30%).
Once inside an SMB’s network, cybercriminals steal sensitive data. Globally, 63% of SMBs reported an incident in the past year that involved the loss of sensitive information belonging to customers or employees.
Too many SMBs aren’t positioned to defend themselves against cybercriminals. SMBs agreed that cyber attacks were becoming more sophisticated and targeted, and the consequences (such as remediation costs) were growing more severe. However, nearly half (45%) of these organizations described their IT security posture as ineffective, and one-third have no incident response plan.
Security Risks From IoT and Emerging Technologies Are Vexing SMBs
SMBs are taking big security risks with emerging technologies such as mobile devices, IoT and biometrics.
Nearly half (49%) of SMBs globally said that using mobile devices to access business-critical applications was detrimental to their organization’s security posture, and 71% said that mobile devices were their organizations’ most vulnerable endpoints. Despite these concerns, 48% access more than half of their business-critical applications from mobile devices.
IoT security is severely lacking. Over three-quarters of respondents (80%) said that it was likely that a security incident related to unsecured IoT devices would be catastrophic to their organizations, but only 21% monitor the risk of IoT devices in the workplace. The DACH region (Germany, Austria, and Switzerland) had the best handle on IoT security, with 25% of those organizations monitoring the security risks of smart devices.
The results also suggest that biometrics may be becoming mainstream; 75% of SMBs globally either currently use biometrics to identify and authenticate users or plan to do so soon.
Learn more during our upcoming live webinars
We hope you can join Keeper and Ponemon Institute for one of our live webinars as we discuss the findings of the Ponemon 2019 Global State of Cybersecurity in SMBs study and what SMBs can and should be doing to protect themselves from cyber threats.
U.S. webinar: Wednesday, October 30, 1:00 p.m. ET
U.K. and Europe webinar: Thursday, 31 October, 2:30 p.m. GMT