With ransomware and phishing attacks on the increase, small and midsized businesses are increasingly turning to the cloud, as well as new technologies like SD-WAN, to help build up their security defenses, according to a newly released industry survey.
One reason that small and midsized businesses (SMBs) are turning toward these technologies is pure economics. About half of these enterprises had $5,000 or less annually to spend on IT security, and of that number, only half had $1,000 earmarked for security.
In addition to budget constraints, SMBs have limited time to understand and research the latest threats and also lack the manpower to respond, according to the Aug. 2 study released by Untangle, a San Jose-based company focused on network security.
The survey found that fewer than 30% of SMBs have a dedicated security professional on staff, which makes issues around training staff and creating security and compliance policies difficult.
"One big gap is in user awareness and training," Dirk Morris, the chief product officer of Untangle, wrote in an email to Security Now. He added that small businesses face the same security attacks as their larger counterparts, but SMBs have fewer resources to deal with an increasing number of threats.
"A surprising number of attacks still rely on help from unsuspecting users," Morris added. "Phishing, spoof websites and malicious downloads necessitate constant vigilance and user education, even with solutions like endpoint antivirus and firewalls in place."
The survey is based on the results of interviews with 350 SMBs, and the company plans to release the full report at this year's Black Hat conference in Las Vegas, which takes place later this month.
While security remains a concern, SMBs are starting to address the issue by moving some of their data to the public cloud, where service providers can at least provide security for the infrastructure, although data remains the responsibility of the customer. However, adoption remains slow since only 25% of those surveyed are using cloud infrastructure services.
At the same time, more small businesses -- more than 30%, according to the survey, are investing in SD-WAN technologies.
SD-WAN -- shorthand for software-defined wide-area networking -- uses software-defined networking to establish connections between distant locations, such as enterprise facilities and cloud providers. It also provides a more flexible, less expensive alternative to traditional wide-area networking (WAN) connectivity, which depends on dedicated hardware.
While still a newer technology, SD-WAN is growing, with some estimates placing the market at $3.3 billion by 2021. (See Cisco, VMware Battling for SD-WAN Supremacy – Report .)
Zero in on the most attractive 5G NR deployment strategies, and take a look ahead to later technology developments and service innovations. Join us for the Deployment Strategies for 5G NR breakfast workshop in LA at MWCA on September 12. Register now to learn from and network with industry experts –
communications service providers get in free!
In his email, Morris noted the many SMBs have a headquarters and several branch offices, especially in markets such as retail. If security is centralized at HQ, then SD-WAN and the flexibility it brings starts making more sense. It also helps as businesses turn toward cloud-based services such as SaaS.
"For example, a company with a headquarters, retail outlet and branch office may not be resourced the same way across these locations," Morris wrote. "IT staff and security solutions may only be deployed at the headquarters. SD-WAN offers multi-site organizations the ability to centralize their security by sending traffic to a single location for processing, whether that is a physical location (like the headquarters) or a cloud deployment."
While the report noted that SMBs are evaluating and installing new technologies, traditional security services such as firewalls, network detection tools, anti-virus and anti-malware are still the most frequently purchased.
— Scott Ferguson is the managing editor of Light Reading and the editor of Security Now. Follow him on Twitter @sferguson_LR.