Let’s review the current state of cybersecurity for small- and medium-sized businesses (SMBs). According to Cybint, the average cost of a data breach for SMBs worldwide now stands at $3.9 million. Such an amount can be devastating to SMBs monetarily, but a data breach can also wreck an SMB’s reputation. That helps to explain why 60% of SMBs close within six months of having suffered a digital attack, as reported by Cybersecurity Ventures.
Those attacks happen more often than you might think. Half of SMBs suffered a security incident over the course of 2020, Fundera found in a survey. This finding reflects the fact that 43% of digital attacks targeted SMBs that year. It also underscores how an even greater proportion (47%) of SMBs admitted to having no understanding of how to defend themselves against digital attackers.
So, what caused those security incidents? Fundera observed that human error and system failure accounted for 52% of reported data breaches involving SMBs. Broadened out to include larger enterprises, that figure jumps up to 95%, per Cybint.
What the Security Landscape Looks Like Going Forward
It doesn’t look like things will be easing up for SMBs anytime soon. Much of this has to do with an ongoing lack of emphasis around security best practices in organizations of all sizes. In a survey covered by Infosecurity Magazine, for instance, researchers reported that cloud breaches are expected to increase in “velocity and scale” due to poor cybersecurity practices. A majority (93%) of respondents admitted to using cloud deployments that contain misconfigured services, a lapse in security which could leave organizations’ cloud-based data exposed to instances of unauthorized access. Other cloud deployment issues included the presence of at least one network exposure where a security group was left open (91%), hardcoded private keys (72%), and unprotected credentials stored in container configuration files (50%).
It’s a similar story with IoT security. IBM X-Force found that the volume of IoT attacks grew 400% between October 2019 and June 2020 when compared to the previous two years. Within that window of analysis, Threatpost reported on a survey in which researchers determined more than half of IoT devices to be vulnerable to medium- or high-severity attacks. The study noted that 98% of all IoT traffic was unencrypted, an issue which could expose network data, and that many IoT devices used outdated legacy protocols and operating systems.
How to Address These Security Concerns
Some SMBs and other organizations might think that hiring skilled infosec personnel puts them in a position where they can react to the concerns discussed above along with other security issues whenever they come up. As we all know, organizations are having trouble finding skilled professionals who meet their security requirements. Cybersecurity Ventures reported that there will be 3.5 million unfilled security jobs globally by the end of this year, for instance. That’s up from one million positions in 2014.
But there’s an even greater problem with this line of thinking. Relying on security personnel to react to potential security incidents is not enough in today’s threat landscape. SMBs need a central management plane where they can coordinate their security tools. They need centralized visibility and analytics to make sense out of what’s going on in their environments. Those capabilities will help to boost IT security staff productivity by helping organizations to proactively gain insight into the threats they face across their network, from endpoints to the cloud, and to quickly deal with those threats effectively.
All SMBs need is the right solution. That’s where ReliaQuest Open XDR-as-a-Service comes in. This eXtended Detection and Response (XDR) platform integrates SIEMs, EDR tools, and other solutions across an organization’s security stack to help security teams obtain a comprehensive picture of the threats facing them. ReliaQuest’s platform differs from other XDR security tools in that it’s vendor-agnostic. This trait helps the solution to integrate across an even wider variety of technologies for the purpose of increasing visibility, reducing complexity, and managing risk.
ReliaQuest’s Open XDR-as-a-Service is not intended to replace your organization’s security technologies. It’s meant to integrate them together so that it can provide security teams with higher fidelity alerts and automated processes. Security thereby becomes more efficient, timelier, and more proactive in the fight against digital attackers.