A recent survey of 700 SMBs (small and medium businesses) by Untangle shows an increase in cybersecurity budgets and awareness. While some companies still have users working remotely, 50% of respondents have moved back into the office or at least some form of hybrid work environment. Most companies – 64% – see breaches as the top security concern and have taken steps to increase the security posture of their company. 80% of respondents believe they are more secure this year than last even with the increase number of cyberattacks recently. To protect against these breaches and other attacks, SMBs see firewalls and antivirus/anti-malware as the top security solutions. These solutions offer a first line of defense, but we also see security awareness and training as a top security priority.
The report highlights the top barriers to IT security for SMBs. The number one top barrier is employees who don’t follow the rules. Users often don’t see how some of their behavior can cause breaches to occur and possibly believing that their actions couldn’t lead to a breach for some reason. Two recent breaches, T-Mobile, and Twitch caused by misconfigured servers could have been avoided with proper training and checks. The users behind the misconfiguration on the server certainly bears some responsibility but oftentimes the culture in the company doesn’t prioritize security. We sometimes see exceptions in VPN access made for IT admins or the CEO of a company because they can’t be bothered to follow best practices. We see that having IT management and executives who follow best practices 100% of the time helps creates a culture of security in the company.
UTM firewalls, antivirus, EDR, and software updates will continue to provide a good first layer of defense from cyberattacks. Yet, users need training, and a culture of security will best protect SMBs from zero day exploits and other attacks.