The study by Keeper Security and conducted by the Ponemon Institute found that more than 50% of SMBs have been breached in the last 12 months.
Only 14% of the companies surveyed rated their ability to mitigate cyber attacks as highly effective. Confidence in SMB cybersecurity posture is so low primarily because personnel, budget and technologies aren't sufficient. Additionally, IT security priority determination is not centralized to one specific function in a company, therefore reducing accountability and resulting in less informed decision making.
The most prevalent attacks against smaller businesses are web-based and involve phishing and social engineering breaches. Widely adopted technologies such as anti-virus are still useful, but they can not be depended on to protect against exploits and cyber attacks. Three out of four SMBs reported that exploits have evaded their anti-virus solutions.
The study found that SMBs have a major lack of control and visibility when it comes to employee password security. Strong passwords and biometrics are believed to be an essential part of a security defense, yet 59% of respondents say they have no visibility into employees' password practices and hygiene and 65% do not strictly enforce their documented password policies.
"SMBs were being highly targeted by hackers and the rate at which breaches are occurring is alarming. Cyber attack prevention is now everyone's responsibility," said Darren Guccione, CEO and Co-Founder of Keeper Security. "As both frequency and size of data breaches increases, SMBs must face the reality that a material adverse financial impact on their business is a real possibility. An SMB does not require a signficant IT budget to protect their business. Training employees and utilizing essential security technologies such as password management, firewalls and anti-malware are straightforward, yet extremely effective ways for SMBs to mitigate cyber risk."
"We've conducted many surveys on enterprise cybersecurity in the past but this unique report on SMBs sheds light on the specific challenges this group faces," said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute. "Considering the size of the SMB market in the United States alone, this information can be useful to diminish the risk of breach to millions of businesses."