Subscribe
About

Smaller security teams at higher risk of attack

Staff Writer
By Staff Writer, ITWeb
Johannesburg, 14 Jul 2022

Organisations with small security teams continue to face a number of unique challenges that place them at greater risk than their enterprise counterparts.

In fact, 58% of CISOs at smaller organisations felt their risk of attack was higher compared to enterprises, despite the fact that enterprises have a larger target on their back.

This was one of the findings of extended detection and response (XDR) platform Cynet’s “CISO Survey of Small Cyber Security Teams.”

The survey analysed responses from 200 CISOs at small to medium-sized enterprises (SMEs) with five or fewer security staff members and cyber security budgets of $1M USD or less.

These risks are driving smaller entities to consolidate security platforms to fewer, more robust and comprehensive tools to simplify and improve protections – 90% of small security teams said they are outsourcing security mitigation to a managed detection and response service, while also using managed security services providers (21%) and virtual chief information officer services (15%).

An endless barrage

The survey also found that most of these businesses were overwhelmed by an endless barrage of cyber attacks. The CISOs surveyed said they are inundated by many of the same threats that larger organisations have to deal with, but don’t have the financial strength, specialist skills, training and proper solutions needed to continually remediate them.

A staggering 94% said they have barriers in maintaining their security posture, 87% said they have difficulty in managing and operating their threat protection products due to overlapping capabilities (44%) and difficulty visualising the full scope of an attack (42%).

A rise in EDR tools

A major year-over-year rise in the use of endpoint detection and response (EDR) tools (from 52% to 85% of respondents), was noted by the survey, as well as a doubling of extended detection and response (XDR) tool usage (from 15% to 30%).

Among respondents, 77% indicated that EDR is now the number one tool for detecting threats, up significantly from 23% in 2021.

It's clear that small security teams are seeing the value in robust EDR and XDR solutions, particularly in remote working landscapes.

Those reporting network detection and response as the primary method for detecting threats fell from 46% in 2021 to only 3% in the 2022 survey. It's clear that small security teams are seeing the value in robust EDR and XDR solutions, particularly in remote working landscapes where employees are often not on the company network.

Eyal Gruner, CEO and co-founder of Cynet, says it is a challenge for CISOs with small security teams to buy and maintain the comprehensive set of security solutions needed to protect their organisations from complex and sophisticated threats.

"The survey results once again show how these security experts continue to adapt their protection strategies in response to the ongoing wave of criminal and state sponsored cyber attacks."

Share