The cyber skills gap is well reported, and new research from IONOS Cloud has highlighted that more than 40% of IT decision-makers surveyed admit to their business having a cybersecurity skills gap. Intelligent SME.tech finds out more about the research and hears from Peter Prahl, SVP International and Digital Cloud, IONOS, about how it impacts SMEs.
New research from a leading provider of cloud infrastructure and cloud services, IONOS Cloud, has found that over 40% of IT decision makers (IT DMs) surveyed admit to their business having a cybersecurity skills gap, with a third (34%) saying this is putting their organisation at risk of security threats. Additionally, four in 10 of those surveyed say they are facing a skills gap in data protection or cloud knowledge and understanding.
Worryingly, a quarter of those surveyed also state that the business they work for isn’t as secure as it needs to be (25%) and that their organisation is not adhering to necessary legislation (25%).
When stating what they feel are the biggest threats to a business’s IT security at this time, respondents said increased DDoS attacks (35%), phishing and scam attacks (35%), employees downloading unapproved apps (33%) and employees not storing data correctly (32%).
The research, which was conducted by Censuswide on behalf of IONOS Cloud, polled 609 IT decision makers. The aim was to better understand the current challenges businesses are facing in the wake of the pandemic and where cybersecurity and data protection standards are sitting on business IT priority lists.
While the skills gap is a clear issue, encouragingly, many businesses do in fact recognise the importance of cybersecurity, with more than three quarters of those asked (76%) saying it is either the top priority (34%) for their business or within the top three (42%).
However, when asked about cybersecurity risk assessments, there was a real disparity in responses. Remarkably, only one third of those surveyed have conducted one in the past 12 months. A further 16% conducted one more than five years ago and have no plans to do one in the future, and 12% have never conducted one and don’t plan to. These findings demonstrate a lack of understanding regarding the importance of risk monitoring – which can often highlight new security issues teams may not be aware of.
“What’s clear from the new insights is that businesses understand the importance of both cybersecurity and data protection, but missing skillsets are leaving organisations extremely vulnerable. That’s why it’s vital companies put measures in place to plug these gaps and don’t hesitate to work with external expertise to ensure businesses are protected,” said Achim Weiss, CEO of IONOS.
Weiss added: “When it comes to withstanding a cyberattack, fortunately the pandemic has put this front of mind. Eight in 10 businesses say they feel prepared to handle one, despite any skills gaps they have, with the main reasoning being greater investment in secure cloud services (37%). While internal procedures like staff training are an important step in preventing attacks, seeking external support and services and working with designated providers can provide an extra layer of defence and much needed peace of mind.”
In addition, almost six in 10 businesses (58%) surveyed say they are putting more focus on adhering to data protection compared to before the pandemic. However, 13% are actually giving it less attention, with almost half (48%) selecting the main reason as time pressures and job workload meaning insufficient time to ensure the business is up-to-date with the latest protection legislation.
With the Information Commissioner’s Office setting significant monetary fines for breaches of GDPR law, businesses must ensure they are fully aware of compliance procedures and the latest legislative requirements to follow when handling personal data.
“When it comes to data protection, action must be taken to bridge knowledge gaps. IT teams are under great pressure to adhere to the latest legislation, but one way to help minimise risk when it comes to data is to work with European-based cloud providers that adhere to GDPR – rather than those that must also work under laws such as the US CLOUD Act,” Weiss added.
Intelligent SME.tech spoke to Peter Prahl, SVP International and Digital Cloud, IONOS, to find out more about how the findings impact small and medium enterprises.
Are you able to highlight how these findings relate to SMEs?
The COVID-19 pandemic has placed digitalisation firmly in the spotlight. With more businesses than ever before operating online, hackers and scammers are looking to exploit organisations; especially those that are not adequately equipped to handle such an attack.
SMEs in particular are more vulnerable as they often face these challenges with smaller teams and new organisations might not be fully aware of the risks that currently exist within their businesses. Cybersecurity skills shortages, as well as lack of knowledge around data protection legislation, are therefore issues that every business must pay attention to.
Why is it important that SMEs understand the issues around the IT skills gap?
These skills gaps are leaving organisations, especially SMEs, extremely vulnerable to disruption and exploitation. Without the proper knowledge, SMEs are not able to understand where vulnerabilities may lie within their business, or how those gaps could be putting the business at risk.
For example, with many having set up new hybrid working models, this could result in more endpoint devices, such as laptops or smart phones, that haven’t got the right malware protection in place.
Not comprehensively understanding data protection laws can also put the business at risk through substantial fines. That’s why for SMEs there’s a vital need for education around storage best-practice and ongoing knowledge-sharing around how changing legislation could impact data storage for UK businesses. One option to immediately minimise risk for European businesses is to choose European providers that adhere to GDPR – rather than those that have to work under other legislation too.
By understanding the issues at play, and then exploring the solutions to the skills gaps, SMEs can take steps to ensure the business is as prepared as possible and can react effectively if a threat strikes.
How can SMEs with limited resources and budget ensure their teams are equipped with adequate cybersecurity/data protection knowledge?
One of the best ways to protect the business is to put in place a proactive, rather than a reactive, approach. Cybersecurity risk assessments are key to this strategy and SMEs who have not yet conducted an audit should do so. We’d recommend they are conducted yearly to factor in any changes across the business, like new software being used.
If businesses are unsure where to start, the UK government has resources available to help guide SMEs. The Cyber Essentials readiness toolkit gives guidance on creating a personal action plan to meet cyber security requirements. Following this, Cyber Essentials certification schemes are also available to help ensure protection from cyber-related attacks.
Additionally, those that factor cybersecurity into a wider business strategy will reap the rewards, such as investing in secure cloud services. It can feel like an added expense, but the protection and longer-term cost savings from a potential attack are worthwhile benefits.
Finally, SMEs should ensure an open dialogue with their employees to ensure cybersecurity and data protection knowledge is shared across the business – perhaps during regular training sessions, or via a company ‘champion’. Whether that’s to remind them of the basics, or to answer any new questions, it can help ensure cybersecurity and data protection best practices are front of mind, at all times.