Application Security for Startups and SMEs

Despite all the media attention on large enterprise data breaches such as Yahoo and TalkTalk, small and medium-sized enterprises (SMEs) don’t feel that they will be a target of an attack given their limited web presence. Based on a number of studies, this is clearly not the case; in fact, SMEs are more susceptible to an attack, as this report will illustrate.

According to Osterman Research’s survey, 71% of SMEs have suffered a security breach during the previous 12 months. Since these breaches are rarely made public, most SMEs are reluctant to invest in appropriate security measures and personnel to address the risks associated with protecting their brand and their customers’ sensitive data.

Although large enterprises, once breached, offer the opportunity for a significant payout, SMEs are an easier target given their lack of security expertise, budget, and personnel to understand and address the risks.

According to the Annual Security Report 2016, 22% of businesses with fewer than 500 employees do not have an executive with direct responsibility and accountability for security.

Source: Annual Security Report

Recently, Ponemon Institute surveyed 600 IT leaders at small and medium-sized businesses for its State of Cybersecurity in Small & Medium-Sized Businesses report and found that 49% of businesses have experienced a ‘Web-based (web application) Attack’, noting these attacks as the most common threat facing businesses today. Gartner has also stated that 70% of all security breaches occur due to vulnerabilities within the web application layer.

However, many SMEs tend to forgo investment in application layer technologies given the perception that their web presence is not significant enough to attract hackers’ attention. SANS Institute’s IT Security Spending Trends reports that companies still spend more on wireless security and network traffic visibility, which suggests that they still consider their network defenses the best means of protecting their sensitive data. Given that the majority of security vulnerabilities exist at the application layer, it’s imperative that SMEs start looking beyond the traditional security approach restricted to the network layer. They must have a plan to manage their web presence.

The ideal solution would be to develop and manage an in-house application security program, but given the lack of expertise and budget, this initiative is not tenable for most SMEs. With security costs going up and a dearth of cybersecurity talent in the marketplace, SMEs can’t compete with large enterprises to find and retain talent.

Overcoming Application Security Challenges

Companies need a holistic application security approach to overcome the challenges of hiring & managing trained security staff without enterprise-level costs.

Indusface AppTrana helps achieve 360-degree web application security with detection, protection, and monitoring of web applications at a fraction of the cost of hiring an in-house team. Offered as a service, it includes web application scanning, malware scanning, defacement monitoring, web application firewall, penetration testing, and remediation along with full management of the operation using subject matter experts.

  • Comprehensive application security protection for all of your domains
  • Continuous scanning and penetration testing to find logical flaws in the applications
  • Vulnerability patching (virtual) through Web Application Firewall
  • Real-time monitoring, tuning, and remediation of attacks with custom rules for logic flaws
  • Application DDoS attack mitigation
  • Annual subscription per domain or hourly rates on AWS Marketplace

Venkatesh Sundar

Venky is an Application Security technologist who built the new age Web application Scanner and Cloud WAF - AppTrana at Indusface as a Founding CTO. Currently, he spends his time on driving Product Roadmap, Customer Success, Growth, and technology adoption for US businesses.

This post was last modified on May 19, 2021 12:58
