Small and medium-sized businesses lack the IT staff needed to run comprehensive security detection and response, according to Infocyte.
Despite the adoption of advanced cybersecurity tools, SMBs remain particularly vulnerable to long-lasting breaches compared to enterprise companies, due to a lack of IT staff needed to detect and respond to threats, according to Infocyte’s Mid-market Threat and Incident Response Report, released Thursday.
Infocyte measured threats over the 90-day span from April to June 2019, reviewing more than 550,000 forensic inspections on systems across hundreds of customer networks in the mid-enterprise business sector. Unsurprisingly, SMBs are more vulnerable to various types of threats, the report found: 22% of SMBs said their networks have encountered a ransomware attack that bypassed preventative security controls, while fileless malware attacks are also on the rise.
SEE: Special report: A winning strategy for cybersecurity (free PDF) (TechRepublic)
Average attack dwell time—the time between an attack penetrating a network’s defenses and being discovered—ranged from 43 to 895 days for SMBs, the report found. The average dwell time for confirmed, persistent malware was 798 days. Dwell time for riskware—including unwanted applications, web trackers, and adware—averaged 869 days.
Dwell time for attacks including ransomware was much lower, averaging 43 days between the infection of the initial Trojan (often Trickbot or Emotet) and remediation, due to how the ransomware informs its victims, the report noted.
Some 72% of inspected SMB networks found riskware and unwanted applications in their environment that took longer than 90 days to remove, Infocyte found. While riskware is generally a lower risk than other attacks, networks that fail to control riskware also tend to be less ready to respond to high-priority threats once they are uncovered, according to the report.
“Infocyte’s findings should be a wake-up call for SMBs that are overly confident in their organization’s cybersecurity posture. The reality is that many lack the resources, technology, expertise, and visibility to protect their organizations, let alone their customers’ and partners’ data. The long dwell times reported by Infocyte indicate SMBs are at a higher risk of compromise than their larger enterprise counterparts,” Aaron Sherrill, senior analyst at 451 Research, said in a press release. “While modern cybersecurity threats that evade legacy preventative and detection tools are a growing security gap for SMBs, many are unable to remediate the threats they do know about in a reasonable timeframe.”
For more, check out How to become a cybersecurity pro: A cheat sheet on TechRepublic.