The cyber-threat to business has never been greater: From JP Morgan to Home Depot to eBay, Heartbleed to BashBug to Poodle, the threats have seemed to intensify. Small and medium-sized businesses (SMBs) are just as vulnerable as larger organizations, but employee education and access to appropriate cloud security tools remains a challenge.
According to CloudEntr by Gemalto’s 2015 ‘State of SMB Cybersecurity’ survey, 77% of respondents identify employees as the bad apple when it comes to data and network vulnerability, especially regarding cloud applications, and point to education as the solution.
However, while IT professionals say that they recognize current threats — nearly 90% of those using the cloud responded that they were concerned about cloud security — 60% said that recent hacks hadn't made any significant impact on their security decisions. In fact, just more than 60% said that recent hacks would not change security purchasing plans for the year ahead.
And without convenient tools to follow security best practices and company policies, security education is simply lip service.
“One of the more interesting findings from the report is that despite the fact that an overwhelming number of IT professionals in small and mid-size business sectors feel that they are concerned about cloud security, a majority of those same decision-makers are turning to employee education, but not giving those same employees the tools they need to ensure proper secure protocols and practices,” said Tom Smith, vice president of business development and strategy at CloudEntr.
Overall, CloudEntr's 2015 survey of SMB IT professionals paints a picture of an SMB industry awash in cybersecurity threats, yet still unwilling to properly invest in or address the issues at hand.
“Given the proliferation of threats experienced in 2014 and its strong potential to increase in 2015, we believe SMBs should consider investing in the tools that will ensure that the sanctity of their data and brands remains intact,” Smith continued. “If there ever was a ‘Year of the Hack’, 2014 has been it,” the report noted.
Awareness does seem to be increasing though. In looking to the year ahead, 89% of companies say they will focus on employee education, which is a first critical step. However, stronger network perimeter and server security both ranked as important issues for SMBs, at 62% and 46% respectively, with employee-enabling security tools at just 37%.