What are small organizations doing about cybersecurity?
Last week, I published a blog on the state of cybersecurity at small organizations. As a review, two-thirds of firms with 50 to 499 employees have experienced at least one cybersecurity incident over the past few years, leading to lost productivity and business disruptions. Survey respondents claim that the biggest contributing factors to these cybersecurity incidents included human error, a lack of knowledge about cyber risk, and new IT initiatives lacking proper cybersecurity oversight.
Based upon this data, many small organizations don’t have the skills, staff, or cybersecurity infrastructure to keep up with the threat landscape.
So, what are they doing to bridge this gap? Spending more money on cybersecurity for starters. Fifteen percent of organizations claim they will substantially increase their cybersecurity budgets while another 53 percent will increase their cybersecurity budget somewhat.
Many smaller organizations also realize that they can no longer carry the cybersecurity load on their own – 32 percent of small organizations will substantially increase their use of managed security services, while another 40 percent will increase their use of managed security services somewhat.
Finally, small organizations seem to be leaning toward integrated product suites from a single vendor. Fifty percent of respondents say that their organization would prefer to procure all their cybersecurity tools together as part of a unified product suite while 40 percent prefer to use disparate best-of-breed security tools to protect different parts of their environment. Those who prefer best-of-breed security tools represent the traditional infosec mindset, believing that a heterogeneous layered defense provides the best protection. Perhaps, but this strategy carries a lot of operational overhead, and many small don’t have the resources for this type of difficult workload.
Netting this out, small organizations hope to address their cybersecurity deficiencies by increasing budgets, moving to security product suites, and working with managed security service providers.
Read on for more cybersecurity advice.
This blog is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. CenturyLink does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user.