The numbers speak for themselves: nine out of 10 security leaders believe their organization is failing to address cyber risks, according to Foundry’s Study of security priorities for 2021.
And while investing in hardware and software to better protect sensitive data from cyberattacks is best practice, it’s not cheap.
However, many SME leaders mistakenly believe that their organizations are not targeted and that spending more money on IT security is wasteful if they have not been violated, says Candide Wuest, vice president of cybersecurity research. Acronis.
However, many organizations spend less than 10% of their IT budget on security, according to a new report from Acronis.
But the problem isn’t just security costs, Wuest adds; small budgets generally make it difficult to meet all business needs.
In addition, he says, many small and medium-sized enterprises use third-party security services, which makes “the amount of work spent on data protection and security, and the benefits of it, harder to see the CEO or President”.
The security risks for small and medium-sized enterprises are growing
The truth is that cyberattacks are becoming more complex as attackers already use automation and machine learning, making it harder to block threats with traditional security solutions.
“This is especially true because organizations are embracing the digital transformation and using new online services that need to be protected,” says West. “Without adapting and updating cyber protection stack, these security vulnerabilities will increase over time, making it easier for attackers to find and break holes. “
Meanwhile, employees continue to pose threats. An Acronis survey found that 56% of workers lost data at least once in 2021 due to accidental deletions, application / system crashes, malware attacks, lost / stolen devices and other causes. In addition, 26% lose data repeatedly.
Cyberattacks can be devastating to businesses of all sizes, forcing them to suffer severe financial sanctions, loss of income related to their stay, and serious reputational damage. In fact, 76% of organizations have had data outages in the past year – a 25% increase over the previous year, according to an Acronis report.
Cybersecurity Investment Tips
So how do you persuade company executives to increase your security budget?
One way to prove the need for security software is to perform an attack exercise or external intrusion test to show potential vulnerabilities in the security stack. A list of these vulnerabilities should be accompanied by a plan of ways to deal with them, Wuest said.
For example, having indicators of the number of blocked incidents in the IT environment can help illustrate the risks. Combine this with recently published examples of what can happen if an organization is unprepared, as well as an explanation of how providers or providers of managed security services (MSSPs) can fill in the gaps.
Other security measures include strong authentication, setting appropriate access and control privileges, timely management of corrections, and the use of segmented networks. Also, make sure you have backups and a disaster recovery plan to minimize downtime when an accident occurs.
“These steps must be followed by a good email security solution,” says West. “Most attacks start with a malicious email or phishing attack. If these threats can be filtered out before reaching the user’s inbox, then the risk can be minimized. “
As there are many moving parts that need to be analyzed, it is also important to consolidate suppliers and look for automated and integrated solutions, he advises. “This can help save on common costs and free up some of the budget.”
From applications to infrastructure, click here to see how Acronis can help your organization fill security gaps and protect your business.
Copyright © 2022 IDG Communications, Inc.