A global cybersecurity survey published by Cisco Systems finds that 53 percent of small-to-medium businesses (SMBs) experienced a breach in the last year. Perhaps more importantly, that same research finds that more than (54 percent) of all cyberattacks result in financial damages greater than $500,000 once lost revenue, customers, opportunities and out-of-pocket costs are fully loaded.
Cost estimates stemming from cybersecurity breaches tend to vary widely. For example, the Cisco survey finds that 30 percent of midmarket companies participating in the survey said breaches cost them less than $100,000, while 20 percent said a breach cost their organization between $1 million to $2.49 million.
The survey of 1,816 IT and business professionals working in SMBs finds targeted attacks against employees such as phishing (79 percent), advanced persistent threats (77 percent), ransomware (77 percent), DDoS attacks (75 percent) and the proliferation of the bring-your-own-device movement (74 percent) are the top five security concerns for SMBs.
Most troubling of all, the report suggests there is a significant amount of fatigue when it comes to tracking down the source of a potential breach alert. Midmarket companies investigate 55.6 percent of security alerts; however, SMBs and midmarket organizations can be confronted by about 5,000 security alerts a day, the report finds. The survey defines midmarket companies as having 250 to 499 employees, while small businesses have fewer than 250 employees.
The Cisco study also finds that 40 percent of midmarket respondents experienced eight hours or more of system downtime due to a severe security breach in the past year. Thirty-nine percent of midmarket companies report that at least half of their systems had been affected by a severe breach.
The report also looks into how organizations are responding to a changing cybersecurity landscape to be varied. Nineteen percent of midmarket companies, for example, are upgrading their endpoint security, while 18 percent are investing in better web application security. Another 17 percent are investing in intrusion prevention.
Paul Barbosa, sales director for cybersecurity at Cisco, said Cisco is making a case for a more unified approach to cybersecurity in part to reduce the number of alerts being generated by a broad range of point products provided by a panoply of vendors.
Less clear is why SMB organizations are not relying more on external service providers for to meet their cybersecurity needs, considering there is a chronic shortage of cybersecurity expertise. Barbosa suggested that many organizations have deemed cybersecurity to be so important they want to manage it themselves. The paradox that creates is that most of them are unable to keep pace with not just the volume of attacks being launched, but also the increased sophistication of those attacks.
It may take a while for IT organizations, service providers and vendors to develop a more coordinated response to cybersecurity threat using, for example, machine and deep learning algorithms that are at the heart of most artificial intelligence initiatives. But Barbosa said that response is most definitely coming.