SMB Cybersecurity Training: Research Reveals Progress, Challenges

Webroot’s Charlie Tomeo

Small and medium-sized businesses (SMBs) often prioritize cybersecurity training. However, few IT decision-makers (ITDMs) at SMBs are prepared for cyberattacks, according to a survey conducted by threat intelligence services provider Webroot.

Key findings from Webroot's "SMB Cybersecurity Preparedness" report, which surveyed 600 ITDMs at SMBs, included:

  • 79 percent of ITDMs indicated they are not "completely ready to manage IT security and protect against threats."
  • Almost 100 percent of SMBs train employees on cybersecurity best practices, but this figure drops to half or a third when ITDMs are asked about training "continuously."
  • Phishing attacks (48 percent) ranked as the top external security threat for ITDMs, followed by domain name system (DNS) (45 percent), ransomware (42 percent) and distributed denial of service (DDoS) (39 percent) attacks.
  • The average estimated cost of a cyberattack in 2018 is $527,256 among U.S. SMBs, £305,357 among UK SMBs and AUD 994,025 among Australian SMBs.

The rise of new cyberattacks is leaving many SMBs feeling unprepared, Webroot VP of Worldwide Business Sales Charlie Tomeo said. Yet SMBs that prepare for cyberattacks can understand and address cybersecurity challenges like never before.

Cybersecurity Best Practices for SMBs

Webroot offered the following cybersecurity best practices for SMBs:

  • Offer ongoing employee cybersecurity training. Implement ongoing employee cybersecurity training to ensure workers can stay up to date on the latest cyber threats.
  • Develop a BYOD strategy. Use a combination of device control policies, device-level security and mobile workforce security training to ensure workers can reap the benefits of bring-your-own-device (BYOD) policies without putting an organization's sensitive data in danger.
  • Conduct phishing simulations. Perform regular phishing attack simulations to raise awareness of different phishing methods.
  • Evaluate your risk profile. Identify and assess an organization's security posture and map out a cybersecurity strategy accordingly.
  • Plan for a data breach. Develop a data breach response plan that includes security experts to call and a communications response plan to notify customers, staff and the public.
  • Back up critical data. Back up data regularly with hard data and offline versions.

Managed service providers (MSPs) also can help SMBs implement layered cybersecurity strategies to secure end users and their devices at every stage of a cyberattack and across every possible attack vector, Tomeo stated. By doing so, MSPs enable SMBs to overcome a lack of cybersecurity expertise and bolster their security efforts without significant time and resource investments.

Dan Kobialka