SMBs are more proactive yet still aren’t patching cybersecurity gaps caused by the “human factor”, that is, gaps rooted in human psychology and behaviours.
That’s according to Alex Cox, a cyberthreat specialist at password management software vendor LastPass.
“Smaller entities are often seen as gateways to larger organizations within the supply chain, making them potentially lucrative targets for attacks,” Cox writes on the LastPass website.
“The widespread use of password managers within SMBs is a positive sign, yet nearly half of the breaches reported by the respondents involved compromised passwords.”
Cox based his conclusions partly on 2023 data-breach statistics released by Verizon, citing figures including the claim that 98% of cyberattacks on SMBs were financially motivated, with some 54% involving compromised credentials.
LastPass also surveyed 600 business and IT security leaders from companies with fewer than 3,000 employees, finding that SMB leaders believe that “human factors are still creating serious security gaps”.
“The most salient phenomenon the survey identified is the accountability disconnect between executive actions and employee behaviours,” Cox said.
“Only 78% of non-IT leaders believe employees understand the security expectations of their jobs; one in five business leaders admits to circumventing security policies (as well as) one in ten IT security leaders.”
Additionally, the respondents believed that one in four younger workers were likely to break policies, with more than a third (36%) of “professionals” from so-called Generation Z – often defined roughly as people born between the mid-1990s and early 2010s – admitting to writing down their passwords.
At the same time, 92% of company executives, including 93% of IT leaders, claimed that employees “understand security expectations”.
“The survey suggests that while financial investments in cybersecurity are increasing, qualitative investments are equally crucial,” Cox said. “SMBs have a growing target on their backs.”
LastPass said it was rated a top password manager by reviewers in the G2 spring 2024 global grid.
SMBs should enhance cybersecurity by focusing on policy improvements, employee education, and a culture of security awareness. Company executives are increasing their focus on cybersecurity, with 82% of businesses reporting that they are boosting cybersecurity budgets, he added.
Read the full LastPass blog post on achieving better practice.
(Photo by rc.xyz NFT gallery on Unsplash)