According to a survey by Software Advice, small and midsize businesses (SMBs) have been triggered by the spate of large-scale data breaches in the past year(s) to invest more heavily in security spending. Though most of the high-profile data breaches have involved larger organizations, SMBs are not immune to attack (they represent about 30% of cyberattacks) nor to breaches that were the result of accidental loss of data.
According to the survey of 366 security professionals, 65% of SMB decision makers are now more concerned about cybercrime than they were 12 months prior. 87% of SMBs say the coverage of 2014 data breaches has increased their concern to some extent, and 40% say the impact has been significant. 57% of SMBs plan to increase spending on security in 2015, which is quite a dramatic number. Data loss prevention is cited as the top investment priority (25%), followed by firewall, anti-malware, web security and mobile security.
Previous reports have indicated that SMBs felt themselves more “immune” from attacks and lax about data security in general. For example, while it was clear that SMBs were reaping the benefits of mobile devices, mobile security at SMBs was found quite lacking. If SMBs don’t believe they have data worth attacking, these attitudes toward data security are passed on to employees; that’s when mistakes happen. Without planning, policies and preventative technologies, data breaches are all but guaranteed. Without the same resources as large organizations, a data breach for a SMB may be something that cannot be recovered from.
It would seem that the continued increase in data breaches in 2014 has become a wake-up call to organizations of all sizes and this is an encouraging situation! They are so far the first parties not to suffer from data breach fatigue, which has plagued consumers and organizations alike.
Just as with large organizations, SMBs must take risks to data seriously. The options for data protection can be overwhelming, but we offer the same advice as we do to large organizations: adopt a layered approach, relying not just on standard options such as encryption or firewalls, but also including persistent technology to track, manage and secure devices and the data they contain. If you are a small or midsize business looking to improve your existing endpoint strategy, read our Small Business Tips to Securing Endpoints and learn more at Absolute.com