Content, Midmarket, Content, Networking

10 SMB Cybersecurity Myths: Cisco Research Provides Reality Check

Small and medium-sized businesses (SMBs) frequently prioritize cybersecurity in the same way as large organizations, according to an SMB cybersecurity report from Cisco Systems.

In its report, Cisco put the following SMB cybersecurity myths to rest. Keep in mind that Cisco's SMB research focused on small and midsize businesses that have 250 to 499 employees -- rather than micro businesses that typically lack in-house cybersecurity expertise.

Here are the 10 SMB cybersecurity myths that Cisco puts to rest...

1. Only Large Organizations Face Public Scrutiny After a Cyberattack: Among SMBs, 50 percent said they faced public scrutiny after a cyberattack last year. Comparatively, among large organizations, 51 percent indicated they faced public scrutiny after a cyberattack.

2. Large Organizations Experience Less Downtime Than SMBs After a Cyberattack

Approximately 24 percent of SMBs said they experienced downtime of eight hours or longer after a cyberattack, compared to 31 percent among large organizations.

3. SMBs Do Not Employ Dedicated Security Personnel: Less than 1 percent of SMBs said they do not have dedicated security personnel on their staff, and 60 percent noted they have over 20 security staff members at their disposal.

4. Large Organizations Have More Up-to-Date Infrastructure Than SMBs: In terms of maintaining an up-to-date infrastructure, 94 percent of SMBs said they keep their infrastructure very up to date or update their infrastructure regularly.

5. SMBs Face Different Cyber Threats Than Large Organizations: Cybercriminals often use ransomware, stolen credentials and other cyber threats to attack both SMBs and large organizations.

6. SMBs Do Not Proactively Hunt for Cyber Threats: Among SMBs, 72 percent said they have an internal department or team dedicated to threat hunting.

7. SMBs Do Not Test Their Incident Response Plans: Only 5 percent of SMBs do not test or rarely test their incident response plans.

8. SMB Leaders Do Not Take Data Privacy and Security Seriously: Within SMBs, 90 percent of IT decision-makers said they are familiar with their company's data privacy programs.

9. SMBs Do Not Patch Security Vulnerabilities Regularly: Among SMBs, 56 percent said they patch security vulnerabilities daily or weekly.

10. SMBs Cannot Track the Efficiency of Their Security Programs: Approximately 86 percent of SMBs have metrics in place to measure the effectiveness of their security programs.

Although many SMBs and large organizations devote time and resources to cybersecurity, cyber threats are evolving, and these organizations must find ways to keep pace. If organizations adopt security programs and educate employees about current and emerging cyber threats, they can guard against a wide range of cyberattacks and reduce the likelihood of data breaches.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.