News

Sophos reveals disconnect between growing security demands and ageing security infrastructue

MSPs
93 percent of small and mid-sized businesses must tailor security for remote workers, and more than half predict it will cause a threat to security, research from Sophos reveals.

Sophos announced the results of a survey of 571 IT managers and directors across North America, Europe and Australia. The survey revealed, among other issues, that SMBs are struggling to keep IT infrastructures up to date with current working practices and more advanced threats. According to the survey, conducted for Sophos by Vanson Bourne, 93 percent of SMBs are integrating remote working policies into their security provision, with more than half of respondents (52 percent) expecting to improve security precautions to mitigate additional risks posed by remote working. Wireless networks are also an issue, with only a fifth (21 percent) being very confident in their security. The research also found that, on average, firewalls were five years old, and that one in five respondents had suffered a network outage caused by a malware infection in the last 12 months. Both highlight the daunting task of keeping up with the latest technologies and threats.

Other findings from the research include:

More than a third (36 percent) of businesses struggle with applying consistent security policies across all offices

More than a third (37 percent) of wireless networks provide only an 'acceptable' level of coverage at best

When choosing a network security solution, the highest priority for SMBs is a low cost of ownership (30 percent), followed by ease of use (24 percent), and support offered (22 percent)

34 percent of respondents had their network firewall for five years or more

"Trends such as remote working, mobile and cloud are having a huge impact on the way small and medium sized businesses think about protecting their networks," said Gerhard Eschelbeck, CTO at Sophos. "For SMBs, it is critical that any network security solution has both the ease and simplicity of a one-size-fits-all approach, yet still addresses the specific vulnerabilities of each device or mode of working, as well as every access point on the network."

Challenges

Growing threats and unprepared networks are particularly troubling, given the breadth of challenges that are now facing SMBs. With regard to network security, 44 percent of respondents cited the growing need to use cloud-based services as a major concern; 39 percent were worried about sophisticated threats; 39 percent about managing mobile devices; and a further 35 percent saw data loss as a significant challenge. These concerns are justified given that one in five of those surveyed had been infected by malware that brought down their network within the last 12 months. With the increased frequency of cyber attacks and methods to penetrate the corporate network, improvements need to be made across the board.

"Companies are reevaluating how they tackle IT security. A fragmented approach is consistently leaving networks vulnerable to attack, as new technologies such as cloud, and new devices such as mobile, require more advanced security architectures," continued Eschelbeck. "For many, it is time to take a more holistic approach to IT security, one that ensures all elements of protection function seamlessly together."

The research also revealed some encouraging statistics, in particular regarding IT budgets. Nearly half (44 percent) pointed to investment in IT, including virtualisation (48 percent), cloud computing (44 percent), remote working (44 percent) and improvements to the wireless network (49 percent). The vast majority (70 percent) of companies are also planning to support this with further investment in security.

"It is encouraging to see companies planning to invest in IT infrastructure. Any technology additions will have a significant impact on the security infrastructure, and with 70 percent planning to increase their IT security budget in the coming year, it is vital that this investment ensures the security fabric of the entire business is as robust as possible and able to support new and evolving technologies," concluded Eschelbeck.