As the world turns digital, cyberattacks are becoming more common. Bad actors are finding digital transformation, as well as other real-world events like the war in Ukraine, as golden opportunities to commit their cybercrimes.
Large enterprises have the resources to counter and thwart these attacks. However, small- and medium-sized enterprises are being overwhelmed by the barrage of cyberattacks. This is largely due to a lack of financial resources, staff specialists, training and proper tools to consistently remediate them.
Cynet's second annual “CISO Survey of Small Cyber Security Teams" confirmed that companies with small security teams continue to face unique challenges that place them at greater risk than larger enterprises. Because of the risks, companies are moving to consolidate security platforms to fewer, more robust and comprehensive tools to simplify and improve protections.
"CISOs with small security teams struggle to purchase and maintain the comprehensive set of security solutions needed to protect their companies from increasingly sophisticated threats," said Eyal Gruner, CEO and Co-Founder of Cynet.
The survey found:
- 58% of the responding CISOs felt their risk of attack was higher compared to enterprises, despite the fact that enterprises have a larger target on their back.
- 94% say they have barriers in maintaining their security posture, due to a lack of skilled security personnel, excessive manual analysis and the increasingly remote workforce.
- 87% have difficulty in managing and operating their threat protection products due to overlapping capabilities and difficulty visualizing the full scope of an attack.
- 90% of small security teams are outsourcing security mitigation to a managed detection and response service, while also using managed security service provider services and virtual chief information officer services.
"The survey results once again show how these security experts continue to adapt their protection strategies in response to the ongoing wave of criminal and state sponsored cyberattacks," said Gruner.
The survey also revealed a year-over-year rise in the use of endpoint detection and response tools as well as the extended detection and response tool usage. The EDR usage among respondents increased from 52% to 85%, while XDR use increased from 15% to 30%.
While these solutions are helping smaller security teams improve threat detection, the best way for smaller teams and smaller organizations to maximize their threat mitigation is to work with managed services providers (MSPs) and allow the security experts on those teams to support internal security operations – or even outsource security entirely to the MSP and free internal IT teams for other tasks.
Edited by Erik Linask