Sophos report shows effects of cybersecurity skills gap

A new report from Sophos shows SMBs are most likely to be impacted by a shortage in cybersecurity skills.

The report shares findings from an independent survey of 5,000 frontline practitioners around the globe that highlight the impact on SMBs, or organisations with fewer than 500 employees.

The global cybersecurity skills shortage is well known and well documented. SMBs need to address these challenges within resource and budget constraints to reduce the impact and achieve better cybersecurity outcomes.

Understanding the challenges is the first step to addressing them.

The simple truth behind the skills shortage is that there are insufficient skilled cybersecurity professionals.

SMBs are disproportionately impacted by the skills shortage: a shortage of in-house cybersecurity skills/expertise is ranked as the 2nd biggest cybersecurity risk, topped only by zero-day threats. 

This impacts SMBs in two ways: a lack of expertise, and a lack of capacity.

SMBs are more likely to have a higher rate of data encryption in ransomware attacks, with 74% of incidents resulting in data encryption.

The survey revealed that, 33% of the time, SMBs have no one actively monitoring, investigating, and responding to alerts, leaving them vulnerable to attacks.

However, investigating suspicious security alerts is challenging, with 96% of SMBs struggling with at least one aspect of security operations. 75% of SMBs also find timely responses to malicious alerts or incidents difficult.

Addressing the SMB skills gap can reduce these risks. Engaging third-party cybersecurity specialists is often the easiest way to add expertise and capacity.

The two most common approaches are using managed detection and response (MDR) services and managed service providers (MSPs). MDR services provide 24/7 threat hunting, detection, and response across the environment, while MSPs act as in-house IT and cybersecurity support for small businesses.

Sophos offers solutions actively designed for SMBs. Sophos Central is a large, scalable, cloud-native, AI-powered platform used to manage all Sophos cybersecurity solutions.

Aaron Bugal, Field CTO, Sophos explained: “A shortage of in-house cybersecurity skills is one of the biggest cyber risks for businesses today. When you couple this mounting skills gap with a major burnout crisis among cybersecurity professionals, small businesses are more vulnerable to attacks. With 91% of ransomware attacks occurring outside of standard business hours, SMBs need to monitor their networks 24/7 to identify malicious activity before an attacker can exfiltrate or encrypt data.

“Businesses should take stock of their security capabilities and look for opportunities to improve their overall cyber resilience. It’s a delicate balance between people, processes and technology. Understand your team’s strengths and limitations and balance them with external expertise to enhance the security posture.”
