What can we say about 2020 that hasn’t already been said? Beliefs were shaken. Values were questioned. Truths were tested. Then COVID happened and things really got crazy.
The World Health Organization declared the coronavirus outbreak a global pandemic on March 12, 2020. That same day cybersecurity got flipped on its head.
Entire businesses had to transition from mostly in-person workforces to mostly remote. Even schools and hospitals transitioned to online instruction and virtual doctor visits. Sysadmins had to contend with more endpoints, spread across more locations, giving cybercriminals a whole lot of new ways to attack a network. And attack they did.
Heading into 2020, hackers mostly preferred sneak attacks powered by some form of automated malware like a Trojan, carrying a secondary payload, often ransomware. Several months later, hackers were bashing down the front door, favoring brute force attacks on Remote Desktop Protocol (RDP) clients.
What a difference a year makes.
That got us thinking. In light of these dramatic changes to the threat landscape, what is the current state of trust and confidence when it comes to IT security professionals and their corporate endpoint protection?
The good news and bad news from the front line
The Malwarebytes SMB Cybersecurity Trust & Confidence Report 2021 is a first-of-its-kind survey of the hardworking IT professionals on the front lines of the fight against cyberthreats.
We spoke with 704 CIOs, IT directors, sysadmins, decision makers, and heads of security from businesses across the US, ranging in size from 50 to 999 employees. What did we find?
Let’s start with the good news.
In spite of everything that happened in 2020, stalwart SMBs remain confident that their endpoint protection can handle whatever threats come their way. The vast majority, 95 percent, say they trust their vendor to provide effective cybersecurity. At the same time, more than 90 percent also say their endpoint protection is effective and they’re confident it protects against dangerous threats.
That’s some unusually high trust and confidence going on here.
Could this be an example of security hubris (i.e., overconfidence in limited or untested security measures) or can we count on optimistic SMBs as a reliable barometer for overall trust and confidence in the world of technology and e-commerce?
That leads us to the bad news.
Almost half of SMBs, 47 percent, say the endpoint security products they hold in such high regard are very complex and hard to manage. And only a third, 36 percent, of SMBs expected those same endpoint security products to detect every single threat.
Going one step further, a full 56 percent of respondents said it’s not a matter of if but when their organization suffers a successful attack or breach.
Clearly, there’s some cognitive dissonance happening. What SMBs want to believe about their endpoint protection is at odds with what they’re actually experiencing.
We attempted to discover the truth of the matter with even more questions:
Q: Are malware threats harder to stop than in years past?
A: Definitely.
Q: Has your endpoint protection product ever failed to detect a threat?
A: Uh-oh.
Q: Have you tested your endpoint protection product to see if it is detecting cyberthreats in the past 12 months?
A: Mostly yes, but testing methods vary and each has its flaws.
Q: What’s at stake if your organization comes under any cyberattack?
A: Depends on the size of the organization.
Q: Are you satisfied with the performance of the endpoint protection provider?
A: Yes, with some serious caveats.
Q: How does your endpoint protection fall short?
A: Reasons vary, but SMBs know a good deal when they see it.
Q: Do hackers prefer to target bigger organizations?
A: Everyone thinks they’ve got a target on their back, regardless of size.
The complete answers to these questions and many more await curious readers in Malwarebytes’ SMB Cybersecurity Trust & Confidence Report 2021.