The increased use of digital technologies and the ever-evolving threat landscape have increased the interest of businesses in cybersecurity. General cybersecurity trends are making organizations more proactive as they now need to develop measures to protect themselves from rapid digitalization, and skills shortages amid continuing geopolitical and economic uncertainty. With the evolving cybercrime landscape, the biggest challenge for IT managers is how to protect their organizations in 2023. According to a survey by Kaspersky, SMBs, and enterprises are planning to increase their IT security budgets over the next three years to strengthen their cybersecurity posture.
Threats and concerns of SMBs and enterprises
Business continuity
Along with navigating and building resilience to business obstacles, cybersecurity risks continue to be a major concern for enterprises and small businesses. Malware and phishing attacks on customers’ accounts were the top threats companies faced in 2022.
Ensuring staff compliance
In 2022, IT security managers had to counter cyber threats due to cyber criminals trying to penetrate the company’s systems and employees violating IT security policies. 55% of corporations faced IT security policy violations by their employees.
Security issues of IoT infrastructure
Smart devices used by employees have become commonplace but have become a gateway for cyberattacks for both SMBs and enterprise customers. Companies faced an average of two incidents in 2022, that involved IoT (Internet of Things) sensors, IoT cloud services, and IoT networking devices.
The most challenging security concerns for SMBs now are programmable logic controllers (PLCs) (57%), and IoT cloud services (56%). For enterprises, most incidents affect cameras, IoT sensors, and IoT cloud services as well (54-56%).
Data protection and cybersecurity breach
55% of companies say that issues with data protection can be the most challenging. Data breaches caused either by cyberattacks (23%) or employees (22%) seem to be the most frequent security issue. As per 20% of surveyed employees, identifying and remedying vulnerabilities in IT systems is the next biggest problem. Communications (26%), product development and production (25%), and customer support (24%) were the most affected areas by cybersecurity breaches and intrusions.
Dependence on external IT professionals increase
The need to call external IT professionals to manage incidents involving non-computing and connected devices has increased. 44% of enterprise respondents say that such incidents have become a regular occurrence.
In the case of security issues related to cloud infrastructure, over 50% of respondents said incidents affecting virtualized environments involved an intrusion. 84% SMBs brought in external specialists to manage third-party cloud service incidents while 82% of enterprise operations reported incidents with third-party IT infrastructure.
The top three incidents that were reported as complex enough to require external IT-security experts affected:
- 76% of enterprise and 79% of SMB virtualized environments
- IoT cloud services (72% enterprise and 84% SMB)
- IT infrastructure (82% enterprise and 79% SMB)
Incidents that involved IT security policies violation and inappropriate use of IT resources by employees required less external assistance.
Global IT security budget to increase
Cybersecurity budgets will again increase for both SMBs and enterprises. In 2022, the average IT budgets were US$12.5 million for enterprises and $375,000 for SMBs. Both SMBs and enterprises will grow their IT security budgets by 14% over the next three years. A major factor driving IT security budget increase is the risk due to geopolitical or economic uncertainty as reported by 36% of SMBs and 39% of enterprises.
Information security is essential for business continuity. With IT Infrastructure becoming increasingly complex and cyberattacks more sophisticated, businesses need to be more aware of cybersecurity practices to protect the assets within the organization, including computers, data, and users, and must expand their cyber defense to the limit of all possible attack vectors. Some states require organizations to be more cyber and data secure. This may include requiring a designated person for the role or even implementing new rules for an entire vertical or industry. All these are factors influencing growing security budgets.
Even as the cyber-threat landscape continues to be challenging and attacks on businesses persist, the increasing IT spending on the management of security incidents and breaches looks positive as businesses are taking a more proactive stance on cybersecurity.
Source: Kaspersky
Read next: US cybersecurity space posted jobs index up by 36% YoY in December 2022, finds GlobalData
