Although the pandemic forced many small and medium-sized businesses (SMBs) to scale back their operations—and in some cases close altogether—those businesses saw an increase in cyberattacks, according to a new study from remote access and enterprise password management solutions provider Devolutions.
The company’s survey of 440 IT professionals and tech decision makers at organizations, primarily in North America, that identify as SMBs found that remote workers at SMBs were targets of cyber threats as they were logging in to corporate systems outside of the corporate network.
The findings reveal that SMBs are no more immune from cyberattacks than federal agencies or government contractors, as 52% of respondents say they have experienced a cyberattack in the last year, and 10% have been the target of more than 10 attacks.
The survey also shed light on the cybersecurity challenges of smaller businesses that don’t have the expertise, skills or resources to shore up their cyber defenses, as 40% said they do not have a comprehensive and updated cybersecurity incident response plan.
With that context, it’s no surprise that the survey found that 72% of SMBs are more concerned about cybersecurity than they were a year ago.
Specifically, SMBs are concerned about ransomware, phishing and malware, and the study found that 20% of ransomware victims are SMBs.
The company’s report cites the importance of password management and privileged access management (PAM) solutions to help protect against those threats, most of which start with compromising account credentials.
According to Devolutions, most SMB respondents have processes and solutions in place to help manage those credentials, as 92% have an offboarding process that revokes account access, 74% provide cybersecurity training and 71% use a password manager.
However, just 13% of SMB respondents have a fully deployed PAM solution, a figure that is down from the same study conducted one year earlier. Devolutions says this may be due to an increase in SMBs turning to password managers as a PAM substitute.
“While password managers play an important role in the overall security mix — such as reducing cybersecurity fatigue among users — they are fundamentally not built to manage access to privileged accounts, as they do not provide the visibility, control, and governance required to safeguard sensitive data, support compliance requirements, and manage at scale,” the report says.
Devolutions lays out a set of over a dozen recommendations, including:
- Proactively protecting against ransomware, phishing and supply chain attacks
- Implementing a comprehensive cyber incident response plan
- Deploying a password manager
- Implementing a password management policy
- Developing an access deprovision process
- Deploying a privileged access management solution
- Protecting, monitoring and managing all privileged accounts
- Adopting a Zero Trust infrastructure approach
- Improving cybersecurity awareness and training
- Enforcing a remote worker security policy
- Developing a cybersecurity audit process
- Leveraging support from MSPs
- Increasing IT security budgets
In a statement, Devolutions CEO David Hervieux said progress is being made by SMBs, but they still have a long way to go.
“A key takeaway for SMBs is to take immediate – but at the same time intelligent – action to reduce their risk,” he said. “That’s why in our new report we’ve provided a series of practical, proven and affordable recommendations to help SMBs make informed decisions.”