Security Challenges Hindering Post COVID Growth of Small and Medium Sized Business

Despite being the highest IT investors worldwide, Singaporean small and medium sized businesses (SMBs) are not prepared for the increased cyber risks that come with growth 

Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cybersecurity solutions globally, has released the results from a new survey of the SMB cybersecurity market, conducted by research firm Analysys Mason. It sought to uncover how SMBs are emerging from the pandemic, and how their business and technology needs are changing. The survey revealed that SMBs understand the need to invest in technology, evident in SMBs in Singapore pacing their worldwide counterparts with the highest increase in IT investment (+0.8% compared to +0.3%). This spending is aimed to support growth in the world of hybrid working, but unfortunately, many fail to prioritize their security. 

The survey reflects that a majority of organizations including SMBs have embraced cloud, mobile, and SaaS technologies in recent years. Compared with pre-pandemic levels, there has been an increase in IT spending  to drive business growth. For example, SMBs in Singapore expect to have a 73% increase in their IT budgets over the next 12 months. SMBs have accepted that the hybrid work model is here to stay, and have increased their investment in communication technologies and services to support remote workers. In Singapore, 55% of SMBs have adopted either a hybrid or fully work-from-home model for their businesses. Measures have been made to help remote employees, with 44% of SMBs in Singapore purchasing new laptops and 32% offering financial support for home broadband. With remote workers using home and office access points, the attack surface has expanded thereby increasing the risk of cyberattacks. With the increase in supply chain attacks across the industry, cyber criminals are increasingly using more vulnerable SMBs as an entry point into larger enterprises. SMBs in Singapore are such targets, with 66% of remote employees not mandated to go through added security training measures. This approach wreaks havoc on both the SMBs, and all the enterprises they interact with. 

Given the global cybersecurity skills shortage, SMBs are struggling to properly secure their critical assets, making them a growing target for cybercriminals. Larger enterprises usually have bigger IT budgets and security resources, so they can recover more easily from a cyberattack.  For SMBs, a cyberattack can be fatal to their business. The survey found that two of the biggest impacts that cyberattacks have on SMBs include lost revenue (28%), and the loss of customer trust (16%). 

The survey of 1,150 small and medium sized businesses across Singapore, the US, Germany, and the UK, also revealed: 

• SMBs struggle with a lack of expertise and require additional support: Less than a quarter (22%) of respondents felt they were extremely well protected against cyberattacks, and only a minority have internal security specialists or are working with a third party. This means that a large number of SMBs either have no security products in place or these products are managed by non-specialist staff. While there is a significant rise in the number of SMBs working with Managed Service Providers (MSPs) to help address IT issues, around a third of respondents noted they would like additional help from their MSP in upgrading security. In Singapore, remote IT support and upgraded security are the commonly cited areas where service providers can provide assistance.

• Cybersecurity as an investment: The SMBs surveyed clearly recognized the disastrous effects of a cyberattack on their company but seemed to agree that they had inadequate security budgets. Security vendor solutions priced beyond their budgets was identified as a key challenge to having effective cybersecurity capabilities. Something has to change, to enable SMBs to take a longer-term view of the value of cybersecurity so that they can invest today to protect their growth tomorrow.

• SMBs are adapting to the ‘new normal’ but mobile security is lacking: SMBs are expecting 40% of their employees to continue working remotely for at least some of the time. The highest priority in all countries was to ensure that IT can be managed and supported remotely, validated by additional laptop purchases and increased VPN capacity. However, the survey also shows that the take up rate of even basic security products is low. The most adopted service, endpoint protection, is only used by 67% of respondents and less than half have any form of mobile security. 

Teong Eng Guan, Business Leader, ASEAN & Korea at Check Point Software said: “It is reassuring that SMBs in Singapore have increased their investment in cybersecurity to the highest in worldwide levels to support business growth and the new hybrid work model, but having the correct mix of security products is only part of an effective strategy. Because there is a shortage of cyber security workers for SMBs, they require security solutions that deliver proven threat prevention, are extremely simple to deploy and manage, and offer the flexibility of an ‘all-in-one’ solution that combines security and internet connectivity.”

He continued, “SMBs should also be looking for a consolidated and unified security suite that achieves a high level of protection across their network, endpoints, mobile and email.  SMB security providers should use a prevention-first approach and one that cuts down TCO, by reducing the need to manage additional staff or security expertise. SMBs should also consider leveraging third party managed service providers to gain access to experienced cybersecurity professionals at an affordable cost. Third party advisors can provide expert advice on the best security solution for each SMB along with training and ongoing support.”