"Most mid-market enterprises believe they are safe because they have the traditional perimeter defenses in place. This falls far short of what’s needed for rigorous security in today’s complex threat environment. The challenge smaller enterprises face is that they have all the same security issues as large enterprises with only a fraction of the budget and less specialized personnel."To better understand how prepared SMBs are for today's digital threats, Arctic Wolf Networks conducted a survey in partnership with Vanson Bourne. The study, which is entitled "The State of Mid-Market Cybersecurity: Findings and Implications," spoke with 200 digital security IT decision-makers from mid-market enterprises in finance, healthcare, manufacturing and IT services. The data revealed that executives' perception regarding the strength of their organizations' security posture doesn't cohere with reality.
Perceptions vs. Reality of Adequate ProtectionMany mid-market IT professionals are overconfident about their organizations' security postures. Almost all the survey's respondents (95 percent) said their company's posture is at least above average. At the same time, approximately an equal number of individuals (89 percent) said their IT perimeter security products could protect their organization against any threat imaginable. Most survey respondents also feel their organizations have adequate resources to mitigate digital security risk. For instance, 90 percent of IT decision makers reported their organization has at least one person whose sole focus is digital security. Perhaps it's this investment that has 97 percent participants convinced their company spends an adequate amount on digital security.
- 72 percent of participants said their role is so expansive that they can't focus on IT security as much as they'd like. Half of respondents said they don't know where to start because security is so complex. Approximately the same number of individuals said they'd like their organization to assign additional budget and resources to security.
- Most organizations might have employees whose focus is digital security, but that doesn't mean those personnel tackle security risks in a timely manner. Half of respondents said their IT and security staff investigate security alerts only when they have time. Along those same lines, it took more than an hour for IT personnel to investigate 77 percent of security alerts. This delay increases the likelihood of a breach expanding across enterprise networks, a process which could result in critical data loss.
ConclusionArctic Wolf's survey demonstrates the fact that mid-market enterprises should reconsider their approach to security. David Monahan, senior analyst at Enterprise Management Associates, couldn't agree more. As quoted by Yahoo! Finance:
"Many mid-market organizations seem to have a sense of security bravado that leaves them particularly vulnerable to compromise. Malicious activity has been on a steady increase over the last few years and has been especially targeting small and mid-market business because they have valuable data but are generally unprepared for the assault. Seventy percent of ransomware attacks happen to organizations under five thousand employees and sixty percent of the attacked organizations go out of business within six months. Given these types of statistics, it is imperative that mid-size organizations seriously consider services that are specifically designed to provide the mid-market businesses with enterprise-grade security that fits a mid-market budget."Specifically, SMBs should consider investing in an advanced threat detection solution from a managed security service provider (MSSP). This solution should be tailored to mid-market companies. Organizations should also place a greater emphasis on prevention and response. This effort should involve analyzing logs and investigating security alerts soon if not immediately after they pop up.