Only a third of small businesses believe they can manage IT security in house, due to a lack of resources and the rising tide of threats, according to a new global study.
Security vendor Webroot polled IT decision makers at businesses with fewer than 1,000 employees in the US, UK and Australia.
It found that just 37% said their organization is capable of managing security internally.
A third of companies interviewed (32%) said IT staff had to balance information security with other tasks—meaning non-specialists are forced to fill these roles, and few can devote enough time to each security task.
Some 60% said they thought their business was more open to an attack because of a lack of resources, and nearly half (48%) claimed their firm was vulnerable to insider threats. Unsecured internal or external networks were an issue for 45% and vulnerable endpoints were highlighted by 40%.
Grayson Milbourne, Director of security intelligence at Webroot, recommended that SMBs with few in-house resources or expertise should outsource to an MSSP.
“Secondly, it is important to understand your risks within the IT space,” he told Infosecurity.
“If your business keeps large amounts of personally-identifiable customer information, take extra precautions to secure this data. If your business relies heavily on its own intellectual property, make sure this data is stored safely with backups.”
Interestingly, respondents in the UK and US felt more confident about their endpoint security (63%) than those in Australia (55%). However, American SMBs stand to lose almost double ($522,000) their UK counterparts ($327,000) in an attack.
“There are a few factors that account for this. First to consider is the size of the US businesses that have been targeted and the significance of their breaches. Second is the fact that often a breach goes undetected for a considerable time, which increases losses and cost,” Milbourne explained.
“Thirdly, US customers are specifically targeted because of the increased value of each compromised account compared to less well-off geographies.”
It’s not all doom and gloom in the SMB space, however, with the vast majority of respondents (81%) claiming that security budgets would increase in 2016.
Photo © Pavel Ignitov