Networking, Enterprise, MSP, Content, Small business

Cybersecurity Survey: Most Businesses Unprepared for Cyber Threats

Most organizations appear overconfident about their cybersecurity strategy, according to a recent survey of 401 small and medium-sized businesses (SMBs) and enterprises conducted by SolarWinds MSP, which develops IT monitoring and management software for service providers.

Indeed, 87 percent of IT executives said they consider their organization's cybersecurity readiness to be "robust," according to the survey results. Comparatively, 71 percent of survey respondents stated their organization suffered at least one data breach in the past 12 months, according to SolarWinds.

Seven Pitfalls of Cybersecurity

SolarWinds MSP’s John Pagliuca
John Pagliuca

The survey highlighted seven pitfalls of cybersecurity:

1. Inconsistency in Enforcing Cybersecurity Policies. Only 32 percent of survey respondents said they apply and audit their security policies regularly, and 43 percent noted they enforce these policies occasionally.

2. Negligence in the Approach to User Security Awareness Training. Sixteen percent of respondents said they rank user security awareness training as a priority.

3. Shortsightedness in the Application of Cybersecurity Technologies. Web protection, email scanning and anti-malware solutions had each been rolled out by 50 percent to 61 percent of respondents. Conversely, advanced cybersecurity solutions like security information and event management (SIEM), firewall rules and patch management solutions had been deployed by only 33 percent.

4. Complacency Around Vulnerability Reporting. Twenty-nine percent of respondents indicated their vulnerability reporting was "robust."

5. Inflexibility in Adapting Processes and Approach After a Data Breach. After a data breach, 41 percent of respondents said they implemented new cybersecurity technology, and 41 percent noted they changed their cybersecurity processes.

6. Stagnation in the Application of Key Data Breach Prevention Technologies. Full disk encryption represented the most prevalent data breach prevention technique among survey respondents, but it was performed by only 43 percent.

7. Lethargy Around Cyberattack Detection and Response. Over the past 12 months, cyberattack detection times increased for 40 percent of respondents.

Many organizations are confusing IT security and cybersecurity, SolarWinds MSP General Manager John Pagliuca said in a prepared statement.

Organizations must be able to deploy a multi-pronged, layered approach for advanced cybersecurity protection, Pagliuca stated. This approach requires organizations to address cybersecurity "prevention, protection, detection, remediation and the ability to restore data and systems quickly and efficiently," Pagliuca noted.

Cybersecurity Advice for MSPs

SolarWinds provided the following tips for MSPs that want to help organizations that are overconfident about their cybersecurity strategies:

1. Offer cybersecurity training to your customers. Training helps organizations cut down on cybersecurity incidents, resulting in fewer emergency calls and happier customers.

2. Make sure your own house is in order. Review internal security practices and technology to ensure they will meet the needs of SMBs and enterprises both now and in the future.

3. Prepare with disaster drills. With disaster drills, MSPs can help customers prepare for the worst-case cybersecurity scenarios.

4. Determine the partnerships and skills that you will need to succeed. An MSP can hire in-house cybersecurity professionals or find a partner that can help it handle cybersecurity incidents.

Cybercriminals are constantly searching for ways to capitalize on organizations' cybersecurity overconfidence, SolarWinds MSP pointed out.

However, MSPs can help organizations address cybersecurity flaws and drive revenue growth, according to the company.

"With the right approach, dialogue, relationships and tools, MSPs can turn  flaws into lucrative opportunities," SolarWinds MSO noted in a prepared statement.

Hmmm... ChannelE2E tends to agree. That's why our team next week will launch... um... (ask Joe Panettieri for details).

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.