IT staff in small and medium-sized businesses (SMBs) are overwhelmed by the complexity and demands of managing multiple tools in their security stack, leading them to miss critical events and weaken security, a study finds.
The study, conducted among 500 US cybersecurity decision makers at companies with 200 to 2,000 employees in various sectors, reveals that small and medium-sized businesses are faced with cyber attacks increasingly numerous and complex.
The problem is that they don’t have the resources and expertise to defend themselves adequately, and SMB IT staffs are overstretched.
Long-term tasks
According to a survey by cybersecurity specialist Coro, 73% of SMB security professionals have missed, ignored or failed to respond to critical security alerts, with the two main reasons being lack of staff and lack of time.
The respondents gave their opinion on the tasks that take up the most time in their day:
- monitoring security platforms
- managing and updating terminals and agents
- vulnerability management or patching
- installation, configuration and integration of new security tools.
Respondents spend an average of 4 hours and 43 minutes per day managing their cybersecurity tools, with an average of 11.55 tools in their security stack. 52% of respondents said the most time-consuming task was monitoring security platforms, followed by patching vulnerabilities.
Respondents estimate that it takes 4.22 months for a new cybersecurity tool to become operational, with the same amount of time spent on installation, configuration, staff training, and integration into the existing security suite.
Mission Impossible
On average, surveyed companies manage 2029.91 security agents installed on 655.92 endpoints. 53% of them have to deal with daily or weekly updates of these agents from suppliers.
The complexity of the work faced by healthcare workers security and the enormous demands it places on already limited resources are forcing SMBs and midsize businesses to consolidate their cybersecurity tools. 85% of respondents say they want to consolidate their tools in the next 12 months.
Ultimately, this study finds that enterprise security tools—designed for large teams with unlimited resources—are falling short
expectations of small and medium enterprises.
With limited staff, these entities struggle with the complexity of managing their security, torn between budget constraints, limited resources and the need for much better security coverage. It’s an impossible mission.