Tired SMB security teams with face mask sit on floor of office

Falling Budgets and Evolving Threats Force SMB Security Teams to “Do More With Little”

Small and medium sized businesses (SMBs) continue to grapple with falling security budgets despite facing unique challenges during the COVID-19 pandemic. This shortfall forces the SMB security teams to do more with less, thus making their jobs more challenging, according to the annual SMB IT Security Report by Untangle. The new “work from home” arrangement also opened up new security challenges, further undermining the ability of organizations to keep up.

Key findings of the Untangle SMB IT security report

The study found that SMBs continued to allocate fewer resources for IT security. For example, 38% of SMBs allocated less than $1,000 for their IT security budgets, compared to 29% in 2019 and 27% in 2018.

Coincidentally, 88% of SMB employees are temporarily working remotely, while 33% had temporarily moved all their operations online. More than half (56%) of these positions are expected to become remote permanently.

As for security solutions, most SMBs rank firewalls (82%), antivirus software solutions (57%), endpoint security solutions (48%), archiving management, and backup and VPN

technologies, (47%), and Web filtering (40%) as the most important requirements for IT security.

The Untangle report also highlighted that although SMBs have adopted a hybrid on-premises/cloud-based IT infrastructure, 71% still use firewalls on site.

Close to half (48%) of the SMBs have more than one branch, making Software-Defined Wide Area Networks (SD-WAN) their ideal network infrastructure. Over a quarter (26%) of the polled SMBs said they had already deployed SD-WAN technology or were considering it.

For enterprises with SD-WAN deployments, 26% said the major benefit was the improvement of internet efficiency while 32% said the deployments helped them improve their network security. Others benefited by reducing IT spending (14%) and simplifying connections to other branch offices (13%).

The researchers said that 77% of the SMBs experienced no data breaches within the past 12 months compared to 57% and 58% in 2019 and 2018 respectively. Similarly, 15% of the targeted SMBs successfully warded off an attack during the same period. About 45% of the SMBs polled said they adjusted their IT security policies based on recent security breaches.

Barriers to SMB IT security

The SMB IT security report found that 32% of SMB security teams consider budget their greatest barrier. Close to a quarter (24%) consider employees who ignore IT security guidelines as the greatest challenge.

Other challenges mentioned include limited time to research and understand emerging threats (13%). Lack of enough manpower (12%) and limited knowledge (11%) were other challenges faced by SMB security teams.

Management decisions and effects on SMB security teams

Limited resources and manpower affect the efficiency of SMB security teams. Fewer employees meant that SMB security teams have to work more. The SMB security teams are forced to work longer hours and complete more tasks, and thus face more job-related pressure.

Tight job schedules deny them time to research and understand emerging threats. According to the report, 13% of SMB security teams considered this situation as a major barrier to SMB IT security.

#SMB IT security budgets continued falling each year, denying the #security teams the resources necessary to address emerging #cyberthreats. #cybersecurity #respectdata Click to Tweet

Limited manpower also forces 72% of SMBs to spread IT security responsibilities across departments internally. Many employees, therefore, wear multiple hats within the same organization. Having many responsibilities causes the employees to falter on some, leaving organizations vulnerable to attacks.

The culmination of these factors also contributes to SMB security teams failing to acquire knowledge of various security solutions. 11% of those polled blamed this problem for poor SMB IT security.