The Good, the Bad and the Risky: Current State of IT Security for SMBs
July 31, 2017
Technology has revolutionized business. However, along with all the advantages and benefits technology affords us, it comes with a few risks and vulnerabilities that some businesses are still struggling to come to terms with. For example, storing records electronically makes them easier to organize and locate when they’re needed. It also makes them vulnerable to hackers and cyber-attacks. Still, most SMBs are working toward mitigating risks as opposed to abandoning the use of technology in their business operations – and a current assessment of the situation does show improvement over past years.
The following seven statistics examine the current state of IT security for SMBs, as well as why these numbers should be of importance to you and your business.
Only 36 percent of organizations report being fully aware of employee activity on their network. From terminated employees with continued access to your network, to current employees spending the day on social media instead of working, to Internet of Things devices connecting without the company's knowledge or permission, there are all types of unauthorized access that a business has to be aware of on its network. This study is saying that only 1/3 of companies have an idea of what is happening on their network. When it comes to network access, what you don’t know can hurt you – and cost your company money!
The percentage of businesses that have at least some control over employee activity on their network grew from 62 percent in 2016 to 85 percent in 2017. This statistic is one of the few significant positive changes highlighted in this business IT risk report. SMBs are finally starting to recognize the importance of access control when it comes to IT security. The truth is, many major security breaches are caused by human error (some of it intentional) from employees who access a network or parts of a network outside of their job with malicious intent.
65 percent of respondents admitted to having security incidents in 2016; the most common reasons cited were malware and human errors. SMBs are being targeted regularly by cyber criminals. Many of these respondents have failed to take the proper network security measures, despite a security incident. Historically, many SMBs are involved in a full-scale cyber-attack and experience loss before they fully enact and enforce network security.
48 percent of organizations that have to comply with any cyber security standard still struggle to ensure continuous compliance and provide complete evidence of it to auditors. Certain industries require SMBs to comply with cyber security standards and regulations, regardless of their size and network security experience. Moving forward, it will be more and more common for the entities requiring compliance to request proof of compliance, including policy implementation and compliance audits. For SMBs that can’t meet these compliance requirements, it is recommended that they contact a third party, like Catalyst Technology Group, for guidance.
79 percent of respondents say that detecting and mitigating human errors, both malicious and accidental, is critical for reducing IT risks. The secret is out. Sometimes, humans make mistakes. Other times, they are just up to no good. For example, malware may ravage a network as a result of an employee who accidentally clicks on an attachment in their email. SMBs have started to acknowledge the element of risk generated on a regular basis by humans. Businesses next need to take measures to mitigate the human threat: proper training in best practices, situationally appropriate network security measures, and regular updates to those measures to keep up with threats and risks.
These are just five of the many items that the Netwrix Risk Report can tell SMBs about all of the threats that they are facing every day. For those of you who don’t have time to read IT risk reports, a partnership with Catalyst Technology Group will go a long way toward making your network and data safe – against all types of threats, including the human element.