96% of SMBs are missing critical cybersecurity skills – here's why
The skills shortage hits SMBs worse as they often suffer from a lack of budget and resources


The vast majority of small and medium-sized businesses (SMBs) have gaps in their cyber skills and expertise, according to research from Sophos.
96% of SMBs find at least one aspect of investigating suspicious alerts difficult, with specific tasks including identifying which signals to investigate, prioritizing which signals to probe, or keeping accurate records.
Sophos’ survey fielded responses from 5,000 IT and cybersecurity professionals across 14 countries and was conducted in Q1 2024.
The security firm found that organizations with fewer than 500 staff - the definition of SMB for this report - perceive a shortage of in-house cybersecurity skills and expertise to be their second biggest security risk.
By comparison, this factor ranks seventh in cyber threats for organizations with over 500 staff members.
The report noted that smaller teams make it more challenging for IT workers to take time out for security education and mean staff have fewer opportunities to benefit from peer-to-peer learning.
The report also found that a third (33%) of the time, no one is actively monitoring, investigating, or responding to security alerts in SMBs.
“SMBs are most acutely impacted by the cyber security skills shortage,” Ben Aung, Sage’s chief risk officer, told ITPro.
“They have neither the budgets nor career opportunities to compete against larger organizations for cybersecurity talent, and often lack the capabilities and resources to bring in new entrants and train them up,” he added.
Simplified solutions are key to SMB cybersecurity
As SMBs are critical to the supply chain of larger organizations, Aung said, it's important that governments, larger firms, and resellers meet the challenge of the SMB cyber skills shortage. The key, he thinks, is simplicity.
“These organizations can significantly reduce SMBs' cyber risks by offering technology and services which are secure, easy to configure and operate right out of the box,” he said.
“SMBs should be able to take advantage of digital tools and the cloud without needing a PhD in cyber security - it should be simple to enable multi-factor authentication (MFA), set user access permissions and important controls like security patching and data backups should just be set up by default,” he added.
Concerns over cyber skills shortages come amid a period of escalating threats for SMBs globally. Research from Kaspersky earlier this year, for example, found the number of cyber infections experienced by small businesses in Q1 rose by 5% compared to the same period in 2023.
Over 2,400 firms encountered malware on their systems, with the most common form of attack being trojans that often find their way into IT systems under the guise of legitimate software.
Similarly, a recent study from Vodafone found nearly half (43%) of all cyber attacks in the UK specifically target SMBs. The impact this has on small businesses cannot be overstated, the study found, with around 60% of these leading to business closures within just six months.

George Fitzmaurice is a former Staff Writer at ITPro and ChannelPro, with a particular interest in AI regulation, data legislation, and market development. After graduating from the University of Oxford with a degree in English Language and Literature, he undertook an internship at the New Statesman before starting at ITPro. Outside of the office, George is both an aspiring musician and an avid reader.