Most SMBs Have Compromised on Cybersecurity

More than 70 percent of SMB IT managers say budget considerations have forced them to compromise on security features when purchasing endpoint security.

According to a survey by VIPRE, overall, price was the top factor in endpoint security purchases (chosen by 53 percent of respondents), followed by ease of use (47 percent), feature set (41 percent), support (34 percent), advanced detection technology (31 percent), cloud-based management (29 percent) and ransomware protection (21 percent).

The survey revealed that many IT managers are ambivalent about purchasing advanced security features, perhaps minimizing the actual risk their companies face and making them a bit overconfident about the protection they do purchase.

For example, 90 percent of respondents say they can afford advanced protection but only 31 percent consider that when selecting their endpoint security. In fact, 48 percent of respondents agreed with the statement that “an organization of my size does not need endpoint security with advanced malware defense capabilities.”

“SMB IT managers need to better recognize the security dangers facing their organizations,” said Usman Choudhary, chief product officer at VIPRE. “Ransomware alone was responsible for $1 billion in cyber-extortion payments last year, according to the FBI, but only 21 percent of survey respondents considered ransomware as a factor when they purchased endpoint security. We understand that price and budgets are a factor but forgoing advanced protection features such as those available through VIPRE can put a company at risk.”

As ransomware attacks and awareness of the threat increases, 53 percent of respondents said they would recommend negotiating a payment to the attackers. This represents a significant increase from the 2015 survey, where only 30 percent of IT security pros said they would negotiate. The current study also noted that 82 percent of companies suffering a cyber attack in the last year would negotiate a ransomware attack.

Despite a willingness to deal with cybercriminals, 83 percent of respondents said they would personally guarantee that their customers’ data would be safe in 2017, up from 81 percent two years ago. Interestingly, 88 percent of companies breached over the last year would guarantee protection and 100 percent of those who have been breached over the last five years would do the same—indicating that those companies have strengthened their defenses, but might still believe they wouldn’t be hit again.

With ransomware on the rise, perhaps it is no surprise that phishing attacks remain the most pervasive cybersecurity threat. About 45 percent of IT managers have had to remove malware from an executive’s computer due to phishing, a figure that rises to 56 percent for larger companies (351-500 employees).

Meanwhile, survey respondents also cited visits to porn websites (26 percent), letting a family member use a company-owned device (22 percent), attaching an infected USB stick or phone (22 percent) and installing a malicious app (21 percent) as reasons they had to remove malware. Only 25 percent said they have never been asked to remove malware from an executive’s computer.

The survey also found that roughly 40 percent of respondents believe cybersecurity will become more difficult in the Trump administration, while 40 percent believe it will be less difficult. About a fifth (19 percent) believe there will be no change.

Nearly 80 percent feel they have a strong grasp over security because they have enough in-house resources to manage endpoint security and other security solutions. And, more than 60 percent believe free endpoint security products provide enough protection for “organizations of my size,” but 90 percent have more confidence in products they buy than those available for free. Approximately 67 percent said security products are too complex, including 94 percent of companies that suffered a breach in the past year.