New data shows that SMBs can clearly see where they have cybersecurity issues and are taking great strides to put their devoted budget to security technology and services that actually have a chance at solving the problem!
I spend so much of my time covering stories where organizations simply aren’t prepared for an attack or have their focus on areas of cybersecurity that clearly are less a risk to the organization. So, it’s a pleasure to be able to see indications that organizations – particularly SMBs in this case – have their heads screwed on straight when it comes to preparing for cyberattacks.
In Datto’s SMB Cybersecurity for MSPs Report, it’s evident that SMBs are now putting more emphasis on IT spending and, in specific, cybersecurity spending. With 42% of SMBs planning on increasing their IT budgets this year, the question becomes what are they spending it on?
If you’ve been paying attention at all to ransomware attacks and all the data I’ve presented on this blog, you know part of the challenge is the user. Without them understanding the part they play in the organization’s cybersecurity stance, as well as the proper cyber hygiene and vigilance they need to maintain in order to be effective in doing their part to protect the organization, cyberattacks will continue to succeed.
According to the Datto report, four of the top five security solutions SMBs will invest in all point back to the prevalence of ransomware:
With phishing attacks remaining the top initial attack vector for ransomware attacks, and with 11.7% of attacks making their way past security solutions to the Inbox, the choices in the top five solutions (with the exception of firewalls) all directly address aspects of a attempted and/or successful ransomware attack.
This makes a lot of sense when you cross-reference the top five reasons SMBs feel they have had cybersecurity issues, according to the report:
- Phishing emails: 37%
- Malicious websites/web ads: 27%
- Weak passwords/access management: 24%
- Poor user practices/gullibility: 24%
- Lack of end-user cybersecurity training: 23%
I’m thrilled to see that all of these issues can be partially or completely addressed simply with Security Awareness Training and that training is a part of the top five areas SMBs are investing in. This demonstrates we may have a very different cyberattack efficacy rate in 2023!