SMBs Struggle with Encryption, Patching and Skills Gap

Written by

Small and midsize businesses (SMBs) are more vulnerable to attacks because of their weaknesses in encryption, workload configuration, limited visibility and outdated and unsupported operating systems, according to Alert Logic.

Researchers analyzed more than 1.3 petabytes of data and approximately 8.2 million security events across more than 4,000 organizations of all sizes. 

The new report, Critical Watch: SMB Threatscape 2019, found that two-thirds (66%) of SMB devices are running versions of Microsoft OS that will expire by January 2020 or are still running Microsoft OS versions that have expired, the majority of which are over 10 years old. The report also found that over 30% of SMB email servers operate on unsupported software, and almost a third of the top email servers detected were running on Exchange 2000.

For nearly half (42%) of all SMBs, encryption is in some way related to the security issues they face. In addition, vulnerabilities go unpatched by the vast majority (75%) of organizations in the SMB space. 

“Our analysis of AWS configuration issues shows that encryption issues affect 33 percent of the SMB instances we scanned. This indicates encryption is not yet an instinctive behavior despite being a best practice and a requirement of many regulations including PCI-DSS, HIPAA, HITECH, GBLA, GDPR, NIST, SOX and state regulations such as CA SB 1386,” the report said.

“The continued lack of skilled cybersecurity professionals affects organizations of all sizes, and small and midsize businesses are at greater disadvantage because they can’t scale like large organizations can,” said Onkar Birk, senior vice president of product strategy and engineering at Alert Logic. “These organizations will greatly benefit from partnering with providers who can augment their limited teams with threat intelligence and experts to be more secure and compliant.”

“Alert Logic’s research confirms that SMBs would benefit from more cost-conscious security options to take some of the responsibility off their shoulders,” continued Birk. “That’s our mission. We aim to bring the level of security traditionally afforded to the Fortune 500 to businesses of any size.”

What’s hot on Infosecurity Magazine?