Small
and
medium-sized
businesses
have
good
reason
to
be
concerned
about
the
loss
of
data
and
financial
impacts
While
tech
advancements
have
enabled
small
and
medium
businesses
(SMBs)
to
grow
their
business
and
allowed
them
to
evolve
their
operational
models,
cybersecurity
risks
and
threats
can
cancel
any
progress
that
has
been
made
so
far.
Underlying
these
is
another
serious
obstacle:
SMBs
lacking
confidence
in
managing
cybersecurity.
The
lack
of
confidence
manifests
as
a
strong
belief
among
SMBs
that
businesses
of
their
sizes
are
more
vulnerable
to
cyberattacks
than
are
enterprises.
They
have
good
reason
to
be
concerned
about
the
loss
of
data,
financial
impacts,
and
a
loss
of
customer
confidence
and
trust.
The
main
concerns
over
the
next
12
months
are
twofold.
Firstly,
there
are
human
factors
related
to
poor
employee
cyber-awareness
and
both
IT
admin
capacity
and
maturity.
Secondly,
there
are
technical
factors
such
as
vulnerabilities
in
the
partner
ecosystem
(supply
chain),
proliferation
of
apps
used
by
employees,
nation-state
attacks,
and
the
migration
of
services
to
the
cloud.
Simply,
many
organizations
are
overwhelmed
by
these
demanding
needs.
Help!
Time
hasn’t
stood
still
for
SMBs
While
technology
and
services
options
mushroomed
well
before
the
COVID-19
pandemic,
the
amount
of
remote
monitoring
and
management
of
services
and
bespoke
SMB
software
that
now
await
customers
is
fearsome.
Particularly
in
the
area
of
security,
the
overabundance
of
options
and
sometimes
poor
outcomes
have
eroded
SMB
confidence
in
key
areas.
This
has
seen
businesses
split
between
keeping
cybersecurity
in-house
or
choosing
to
outsource.
Knowledge
is
also
lacking,
particularly
around
access
to
third-party
experts,
response
times,
and
threat
forensics.
And,
despite
a
healthy
number
of
solutions,
arguments
supporting
the
needed
investments
haven’t
kept
pace
with
changes
to
operational
models,
and
security
needs
underlined
by
the
migration
to
hybrid
work
models
are
becoming
ever
more
relevant.
The
2022
ESET
SMB
Digital
Security
Sentiment
Report
highlights
that
many
SMB
budget
holders
are
highly
cognizant
of
top
risk
factors
that
significantly
or
moderately
increase
their
risks
of
cyberattacks.
Respondents
cited
that
the
top
driver
of
risks
in
the
next
12
months
will
be
a
lack
of
employee
cyber-awareness,
up
to
(84%),
compounded
by
vulnerabilities
in
the
partner/supplier
ecosystem
(79%),
and
migrating
services
to
the
cloud
(77%).
Trapped
between
low
confidence
and
a
hard
place
Looking
more
granularly,
the
top
three
(specific)
cybersecurity
challenges
at
surveyed
SMBs
are:
keeping
up
with
the
latest
digital
security
threats
(54%),
keeping
pace
with
the
latest
approaches
and
technologies
(50%),
and
lack
of
investment
in
cybersecurity
(49%).
Other
concerns
include
a
lack
of
skills,
overworked
teams,
alert
fatigue,
and
a
lack
of
leadership
support.
“Keeping
up,”
for
some,
means
how
to,
practically
speaking,
face
concerns
about
malware,
web-based
attacks,
ransomware,
third-party
security
issues,
and
critical
or
high-severity
software
vulnerabilities.
More
than
half
are
concerned
about
Remote
Desktop
Protocol
(RDP),
distributed
denial-of-service
(DDoS)
attacks,
business
email
compromise
(BEC),
cloud
computing
issues,
and
supply
chain
attacks.
And,
while
few
of
these
security
threats
are
specific
to
their
segment,
74%
of
SMBs
believe
that
businesses
of
their
sizes
are
more
vulnerable
to
cyberattacks
than
are
enterprises.
In
no
uncertain
terms,
SMB
concerns
about
loss
of
data,
financial
impacts,
and
loss
of
customer
confidence
and
trust
reflect
their
lack
of
capacity
to
simultaneously
mitigate
these
challenges
while
maintaining
momentum
on
core
business
competencies.
Surprise
result:
Despite
the
security
risks,
77%
say
they
will
continue
to
use
the
Remote
Desktop
Protocol
(RDP).
Here’s
more
about
threats
vectoring
from
RDP.
With
less
than
a
third
of
respondents
VERY
confident
in
any
area
of
cybersecurity,
including
IT
team
cybersecurity
knowledge
(32%),
the
speed
with
which
they
can
identify,
isolate
and
respond
to
a
threat
(30%),
access
to
third-party
experts
(29%),
their
reported
sentiments
beg
the
question
of
which
businesses
are
confident
enough
to
keep
security
in-house.
Always
prepared
for
post-breach
business
Luck
rarely
holds
out
forever,
and
our
survey
demonstrates
that
approximately
two-thirds
of
respondents
have
experienced
or
acted
on
indications
of
security
breaches.
These
typically
take
weeks
to
address,
costing
SMBs
significantly.
(On
average,
SMBs
estimate
the
TOTAL
COST
to
their
organizations
incurred
by
these
breaches
to
be
the
equivalent
of
€219K.)
Following
breaches,
SMBs
may
invest
in
training,
perform
audits,
or
purchase
new
cybersecurity
tools.
Generally,
this
means
taking
steps
to
harden
remote
access
tools,
specifically
to
protect
logins
with
multifactor
authentication
(50%),
restrict
their
use
to
corporate
VPNs
only
(50%),
and
keeping
remote
access
tools
up
to
date
(49%).
With
only
27%
of
respondents
indicating
that
they
have
conducted
cybersecurity
audits
in
the
past
six
months,
and
33%
in
the
past
12
months,
the
situation
is
worrisome.
In
organizations
where
cybersecurity
audits
have
been
conducted
in
the
past
two
years,
52%
used
external
IT
security
companies/Managed
Service
Providers
(MSPs),
while
40%
conducted
the
audits
themselves,
and
8%
did
both.
We’re
all
in
this
together
While
the
approaches
taken
are
still
split,
85%
of
SMBs
say
that
everyone
in
their
supply
chains
has
a
responsibility
to
improve
their
cyber-resilience,
but
most
also
express
concern
that
a
lack
of
investment
in
cybersecurity
may
compromise
others
in
their
supply
chains.
Ultimately,
effective
cybersecurity
is
viewed
as
something
that
provides
businesses
with
the
confidence
to
grow
and
innovate.
Follow
our
series
as
we
further
explore
the
2022
ESET
SMB
Digital
Security
Sentiment
Report.
From
it,
we
can
already
be
sure
that
SMBs
do
understand
that
both
their
businesses
and
global
supply
chains
depend
on
continued
improvement
of
their
security.
For
more
insight
into
how
fellow
SMBs
see
the
security
landscape
around
them,
read
our
2022
SMB
Digital
Security
Sentiment
Report.
Take
a
look
at
our
ESET
Protect
Ecosystem,
with
powerful
and
scalable
security
technologies
covering
a
wide
spectrum
of
security
needs.
About Author
