The numbers speak for themselves: nine out of 10 security executives believe their organization is not coping with cyber risks, according to Foundry’s A study of 2021 security priorities.
And while investing in hardware and software to better protect sensitive data from cyberattacks is a best practice, it’s not cheap.
However, many SMB executives mistakenly believe that their organizations are not targeted and that they spend more money on IT security if they have not been hacked, says Candide Wust, vice president of cyber defense research at Acronis .
However, many organizations allocate less than 10% of their IT budget to security, according to Fr. new report from Acronis.
But the problem isn’t just in security costs, Wust adds; small budgets generally make it difficult to meet all business needs.
In addition, he said, many small and medium-sized businesses use third-party security services, making “the amount of work involved in data protection and security, and the benefits of this, harder to see for a CEO or president.”
Security risks for small and medium enterprises are growing
The truth is that cyber attacks are becoming more sophisticated because attackers are now using automation and machine learning, making it harder to block threats with traditional security solutions.
“This is especially true when organizations are embracing the digital transformation and using new online services that need to be protected,” says Wust. “Without adaptation and renewal cyber defense stack, these security gaps will grow over time, making it easier for attackers to find holes and hack them. ”
Meanwhile, employees continue to pose threats. An Acronis study found that 56% of employees lost data at least once in 2021 due to accidental deletion, application / system crashes, malware attacks, lost / stolen device and other causes. In addition, 26% lost data several times.
Cyberattacks can be devastating to businesses of any size, leading to severe financial sanctions, loss of revenue due to downtime and serious damage to reputation. In fact, 76% of organizations have experienced downtime due to data loss last year – 25% more than the previous year, according to an Acronis report.
Cybersecurity Investment Tips
So how do you persuade company executives to increase your security budget?
One way to prove the need for security software is to perform attack exercises or an external penetration test to show possible gaps in your protection stack. The list of these vulnerabilities should be accompanied by plans to address them, Wust says.
For example, having indicators of the number of blocked incidents in the IT environment can help illustrate the risks. Combine this with recently published examples of what can happen if an organization is not prepared, and an explanation of how providers or providers of managed security services (MSSPs) can close the gaps.
Other security measures include strong authentication, setting up appropriate access and control privileges, timely management of patches, and the use of segmented networks. Also, make sure you have backups and a disaster recovery plan to minimize downtime in the event of an incident.
“These steps should be followed by a good email security solution,” Wust says. “Most attacks start with malicious email or a phishing attack. If these threats can be filtered out before they reach the user’s mailbox, the risk can be minimized. “
Since there are many moving parts that need to be analyzed, it is also important to consolidate suppliers and look for automated and integrated solutions, he advises. “It can help save overall costs and free up some budget.”
From applications to infrastructure, click here to see how Acronis can help your organization fill security gaps and protect your business.
Copyright © 2022 IDG Communications, Inc.