Why many small and midsized businesses remain vulnerable to cyberattack

Budget limitations and a lack of knowledge or training are two major factors hurting many SMBs, according to a survey from Untangle.

Small and midsized businesses (SMBs) sometimes lack the internal skills and staff to fully handle their cybersecurity, prompting them to outsource their security protection to channel partners.

Though such partners are increasingly adding security to the mix of services they offer, businesses can still be vulnerable to cyberattack due to certain internal limitations and barriers. 

A survey of channel partners conducted by Untangle, a network security manager, reveals some of the security obstacles faced by SMBs and the types of threats they'll likely face in 2020.

Released on Thursday, Untangle's second annual "Voice of the Channel" report cited budget constraints and a lack of knowledge as the top barriers faced by SMBs in tackling cybersecurity. 

Limited time to research and understand new threats, a lack of people to monitor and manage security, and rogue employees were also mentioned as obstacles.

Channel partners are sometimes the first and only line of defense against a cyberattack. But unless SMBs realize they're at risk, often channel partners are called only after an attack has occurred, according to Untangle. 

Yet even businesses that use a channel partner can be open to attack. Among the channel partners surveyed, 44% said that their customers still fell victim to a cyberattack after hiring a partner. And that's often due to internal reasons.

In one specific example given by Untangle, Landry's Restaurant suffered a security breach in 2015, which affected several of its restaurants by targeting point-of-sale (POS) systems and stealing customer data.

To resolve this vulnerability, Landry's deployed an encrypted endpoint security system on all its POS devices across more than 500 locations. But in December 2019, Landry's was hit by another breach, which affected the payment cards of its customers. 

Why hadn't its endpoint security system prevented this one?

Not all employees were using the new system. Instead, employees had different options for processing payments, not all of which had the same level of encryption. Even though the company had invested its money into a new security system, it was not used universally, according to Untangle.

By not supporting all card-reading devices with the same type of strong encryption and by not spending the time and resources needed to properly train employees, Landry's opened itself up to further attacks, according to Untangle.

Budget constraints and a lack of employee knowledge contributed to another breach, Untangle said.

In 2019, SMBs were hit by a rise in cyberattacks. Specifically, the channel partners surveyed saw phishing and malware as the top types of attacks, followed by ransomware, cryptojacking, and distributed denial-of-service (DDoS) attacks.

For 2020, the channel partners surveyed see more of the same. Among the respondents, 46% predict ransomware will be the top threat this year, followed by 25% pointing to phishing attacks. Bring Your Own Device (BYOD) security risks, cryptojacking, and rogue insiders were also cited as threats to look out for.
