Small businesses have a real hunger for new cybersecurity technologies, but they don’t always know what they need, according to a new (ISC)² study. When asked what they would invest in if they had the budget for it, some respondents alluded to “better” and “new” solutions but weren’t exactly sure what they would be.
(ISC)²’s Securing the Partner Ecosystem report reveals a concern among small businesses about running outdated technology. A comment from one respondent about what the company needs puts it all in perspective: “Phishing attack awareness, and more malware services that are up to date and cutting edge.”
While somewhat unsettling, this concern is also a good sign. It indicates small businesses recognize the need to keep their cyber defenses up to date – even if they don’t know exactly what they need. As attackers refine their methods and exploit new vulnerabilities, cybersecurity teams have to counter them with advanced, current technologies and updated policies and practices.
Currently, small businesses say they employ many of the same cybersecurity practices and technologies enterprises use, including firewalls, endpoint protection, anti-phishing spam filters and user training. The study even revealed that proportionally, small businesses hire more security staff than their large partners.
Most Companies Need More
Asked if there are security tools and solutions they want but don’t have the budget for, 72% responded in the affirmative. It’s not surprising most small businesses could use more money to invest in cybersecurity. Budgets are always under pressure, and technology evolves constantly to keep up with new threats.
What is perhaps unexpected is just how extensive the list of tools and solutions are that small businesses say they need. It shows that even though small businesses generally feel good about covering the basics of cybersecurity, they have a feeling they could do more – and they worry they could be missing out on some critical technology.
Here is a partial list of technologies they could use:
- Third-party firewall data encryption
- More advanced malware detection and anti-phishing tools
- Artificial intelligence (AI) and machine learning
- Round-the-clock monitoring
The recognition by small businesses that they could use better protection is a good start. The hard part comes in determining which solutions to implement, as illustrated in these comments from small business respondents:
- “I am uncertain, but I am confident that we are not doing all that we can.”
- “I feel like there are better programs than what we currently have that would be more constantly monitored.”
- “I would need to do further research to find out which programs would help protect our customers/clients payment information.”
It’s clear small businesses are somewhat uneasy and self-aware about their cyber defenses, which should help keep them on their toes. What’s needed now is a better understanding of what to invest in so they can better protect themselves and their partners.