Many businesses and institutions invest in cybersecurity measures, ranging from software solutions to employee training, fostering a sense of confidence in their ability to shield digital assets from cyber threats.
Despite advances in IT security, SMBs continue to be prime targets for cyberattacks. Approximately 43% of all cyberattacks this year were aimed at SMBs, according to Accenture, resulting in financial losses ranging from $120,000 to $1.24 million per incident (depending on factors like the scale of compromised data). This year also saw surges in attacks such as ransomware and IoT malware, highlighting the growing challenges faced by SMBs.
The use of AI is a tool against these threats. But AI can also be a weapon used against businesses. The reason being?
Overconfidence in AI.
In fact, when inquired about the utilization of AI, 56% of SMBs expressed a high or moderate level of confidence in their security, according to a new Devolutions study. MSP Expo sponsor Devolutions strongly advises against becoming excessively complacent regarding the security implications of AI.
Relying on the assumption of AI's inherent security without comprehensive safeguards and ongoing monitoring can leave organizations vulnerable to emerging threats. Also, the intricate and sometimes-opaque nature of AI algorithms can introduce unforeseen vulnerabilities that demand continuous scrutiny.
It's not solely AI where SMBs exhibit overconfidence, though. While nearly 80% of the respondents perceive themselves as well-guarded against cyber threats in a general sense, fewer than 60% make use of fundamental security tools such as password managers, two-factor authentication or cybersecurity training.
Several factors contribute to this disparity between perception and reality, including the tendency to underestimate the evolving intricacy of cyberattacks, which are progressively growing in sophistication.
The role of employees in cybersecurity is pivotal, as they often serve as the first line of defense and, unfortunately, can also inadvertently become weak links in the security chain. Without adequate cybersecurity training, employees may lack awareness of best practices, be unaware of potential threats or make unintentional errors that expose the organization to risks. For instance, falling victim to phishing emails or inadvertently sharing sensitive information can compromise an organization's security.
Inadequate training can also lead to a lack of vigilance among employees. Human behavior can be influenced by various factors, including convenience and productivity, which can sometimes lead employees to circumvent security protocols to achieve their tasks more easily, inadvertently creating vulnerabilities. Therefore, continuous education and training are crucial for ensuring that employees remain an asset rather than a liability in an organization's cybersecurity efforts, and it helps bridge the gap between perception and reality when it comes to security.
“The results from our survey dovetail nicely with October’s National Cybersecurity Awareness Month — as one of our primary goals with this report is to expand awareness of the vulnerabilities that many SMBs face,” said Devolutions CEO David Hervieux. “It’s not just about presenting stats but about truly educating the industry on the various pitfalls and how SMBs can use the survey findings to identify gaps, develop strategies and make informed decisions regarding their cybersecurity posture.”
There is a positive in the study: that is, an increase in budget allocation for cybersecurity. According to the study, more than half of SMBs meet the recommended spend and 86% employ cybersecurity expertise either in-house or through external consultants such as MSPs and MSSPs.
An expanded budget allows organizations to invest in advanced security tools and technologies, providing a robust defense against evolving threats. A larger budget also enables comprehensive employee training and awareness programs, reducing the human factor's susceptibility to cyber threats, further strengthening an organization's overall security posture.
“We are in the era of the digital Wild West, where threats abound,” said Devolutions CISO Martin Lemay. “SMBs must develop a defense capability to protect their interests and all their stakeholders against predictable opportunities for cyberattacks. Whether this capability is developed in-house or outsourced, cybersecurity expertise is crucial to health and well-being of SMBs’ future.”
SMBs cannot be complacent, especially with bad actors always developing new sophisticated ways to commit their acts. No matter the size of the business, they need to do what they can to stay a step ahead.
Devolutions is a Gold sponsor of MSP Expo, taking place in Fort Lauderdale, Florida, February 13-15, 2024. Part of the #TECHSUPERSHOW, MSP Expo is the premier event for MSPs, offering a three-day experience combining conference education, networking opportunities, an exhibit hall full of the latest technologies and solutions to help MSPs build their business, and more. Devolutions will be in booth #632 in the exhibit hall.
Edited by
Alex Passett