Despite advancements in IT security measures, SMBs remain firmly in the crosshairs of cybercriminals, according to Devolutions.
Ransomware payments and IoT malware incidents soar
Spikes in incidents such as ransomware payments and IoT malware attacks indicate that this year has been particularly challenging. The stakes are higher than ever, as technology — notably AI — serves as both a tool and a potential threat, underscoring the need to commit more resources to IT security and stay vigilant.
In 2023 alone, nearly 43% of all cyberattacks were directed at SMBs – with the monetary repercussions ranging from $120,000 to $1.24 million USD per episode, depending on multiple factors such as the volume of compromised records.
Devolutions CEO David Hervieux states, “The results from our survey dovetail nicely with October’s National Cybersecurity Awareness Month — as one of our primary goals with this report is to expand awareness of the vulnerabilities that many SMBs face. It’s not just about presenting stats but about truly educating the industry on the various pitfalls — and how SMBs can use the survey findings to identify gaps, develop strategies, and make informed decisions regarding their cybersecurity posture.”
When asked about their use of AI, 56% of respondents indicated that they were either very or reasonably confident in its security — but Devolutions urges caution in being too complacent with the security risks associated with AI.
According to Devolutions’ CISO Martin Lemay, “While AI is an exciting technology, it relies on enormous quantities of data, which is susceptible to being misused. Therefore, it is vital to establish adequate governance and rigorous data legislation to prevent abuse.”
SMBs urged to strenghten defense against cyberattacks
It’s not just AI in which SMBs are feeling overconfident. While nearly 80% of the respondents considered themselves well protected against cyber threats in general, less than 60% actually employ essential security tools like password managers, two-factor authentication, or cybersecurity training.
Various factors contribute to this disconnect between perception and reality — including the tendency to underestimate the evolving complexity of cyberattacks, which are becoming increasingly sophisticated. Employee behavior and a lack of adequate cybersecurity training can further weaken the defense infrastructure, as end users are commonly viewed as the most vulnerable element in the cybersecurity equation.
While the survey revealed an 8% increase in the deployment of Privileged Access Management (PAM) solutions from last year — and 95% recognize the importance of having a PAM solution in place — the flip side is that 35% of respondents reported negative experiences with their PAM solution.
This dissatisfaction could signify implementation challenges, solutions that were too complicated, or a lack of training. These findings underscore the importance of SMBs using an appropriate PAM solution tailored for their needs, rather than complicated PAM solutions that are designed for large enterprises.
A positive from the survey data is the increase in budget allocation for cybersecurity, with 51% of respondents now meeting the recommended spend — and 86% employing cybersecurity expertise either in-house or through external consultants such as MSPs and MSSPs.
Lemay summarizes, “We are in the era of the digital Wild West, where threats abound. SMBs must develop a defense capability to protect their interests and all their stakeholders against predictable opportunities for cyberattacks. Whether this capability is developed in-house or outsourced, cybersecurity expertise is crucial to health and well-being of SMBs’ future.”