Effective cloud security is a vexing issue for small and medium businesses (SMBs) that typically have fewer internal resources than their larger counterparts. A recent survey of 4,984 IT staffers in 31 countries conducted by the security vendor Sophos found SMBs scrambling to close significant security gaps that leave their IaaS environments vulnerable to attack. 56% reported a surge in attack volume and 53% said the negative effect of security incidents has been more severe this year than last.
Asset misconfigurations and unpatched vulnerabilities provide cybercriminals with an easy route into organizations. The lack of insight into these two areas are major contributors to SMB security headaches. Just 37% of the surveyed organizations check resource configurations on a consistent basis for potential issues. Only 47% scan their cloud environments for security flaws. The survey found that the level of cloud expertise had little to do with how effective organizations were in consistently monitoring their cloud assets.
Novice SMBs most at risk
However, organizations with more lengthy cloud expertise reported a decrease in volume, complexity, and impact of attacks in the last year at twice the rate of novice SMBs. Thirty-eight percent of the more cloud-experienced SMBs said the effect of security incidents declined this year versus last. Just 19% of newer to the cloud organizations saw a decline in incident impact in 2022.
The scarcity of IT security resources is a common refrain among all organizations but even more so within SMBs where lacking the specialization necessary to protect IaaS assets and workloads is an overwhelming challenge. Only one-third of SMBs have the means to identify and mitigate threats in their cloud environments. In the event of a cloud security incident, just 40% have the ability to respond at any hour of the day seven days a week.
Unfortunately, it appears that knowledge which organizations have gathered in securing conventional, on-premises environments is not being brought to the cloud. Fewer than half – 40% – have an incident prevention system (IPS) in place for their cloud environment. Only 44% are currently using a Web Application Firewall to safeguard their IaaS applications and APIs. This is one area where SMBs with more cloud experience are ahead of the game. 49% of organizations identified as having advanced cloud experience are using an IPS and 53% have a Web Application Firewall.
This compares to 34% of novice cloud users having an IPS and 40% of organizations with less IaaS experience employing a Web Application Firewall. But even with experience, the gaps in SMB technology resources and best cloud security practices are jarring. Both lack of resources and a lengthy learning curve need to be quickly overcome or the impact for many of these organizations could be devastating.
How well do you really know your competitors?
Your download email will arrive shortly