Cynet: Need for SMEs with Small Security Teams to Rethink Cybersecurity Strategy

Cynet survey titled “2021 CISO Survey of Small Cyber Security Teams” revealed that  companies with small security teams, generally SMEs, are facing a number of unique challenges, placing these organizations at greater risk than their larger enterprise counterparts. These enhanced risks are moving 100% of these companies to outsource at least some aspects of security threat mitigation in order to safeguard IT assets.

In this survey of 200 CISOs at small and medium size enterprises (SMEs) with five or fewer security staff members and cybersecurity budgets of $US one million or less, it was found that a majority of these organizations were overwhelmed by the endless volley of cyber-attacks. This has been due in large part because SMEs are inundated by many of the same threats facing larger organizations, but lack the financial resources, specialist staff, training and proper tools to consistently remediate threats. According the research results in this survey:

– 63% of these CISOs feel their risk of attack is higher compared to enterprises, despite the fact that enterprises have a larger target on their back.
– 57% of CISOs admitted that their ability to effectively protect their companies is overtly lower than they would like it to be.
– 57% of companies indicated they do not have enough skill and experience to protect against cyber-attacks.
– 80% of responding CISOs said they would like to invest in more automated security solutions as these companies look for innovative ways to do more with fewer heads.
– As a result of the aforementioned, 100% of small security teams are outsourcing security mitigation to an external provider with 53% outsourcing to an MDR service and the balance outsourcing to an MSSP provider.

An advantage that organizations with limited security teams have is their understanding of the value that solutions like EDR (Endpoint Detection & Response) provide. 87% of those using an EDR solution said it was valuable. However, the vast majority of respondents (79%) said it took their teams more than four months to finish their EDR deployment and become proficient in using the solution.

The top tactics used by these smaller operations to improve processes was to invest in automated solutions and processes (80%) followed by investments in security training and certifications (61%), consolidation of security tools and platforms (61%), replacement of complex security technologies (52%) and outsourcing to service providers to fill security tool gaps (51%).