Manual processes, security complexity, and a lack of support from business management plague SMBs.

Hello, dedicated readers! My blog is back from a restful week’s vacation on Cape Cod and ready to tackle the falling leaves, changing temperatures, and cybersecurity issues of autumn.

Back in August, I wrote a few blog posts about cybersecurity trends in small and mid-sized organizations (i.e. between 50 and 499 employees). The first blog post looked at the state of cybersecurity at SMBs, and the second post examined what SMBs are doing to address these issues.

Top cybersecurity challenges at SMBs

Aside from security incidents and subsequent actions, what are the major cybersecurity challenges experienced by small and mid-sized organizations? ESG asked this question in a survey of 400 IT and cybersecurity professionals working at SMB firms. (Note: I am an employee of ESG.) The results are as follows (multiple responses were accepted):

- 28% of respondents say their biggest cybersecurity challenge is that their organization depends upon too many manual or informal processes for cybersecurity.
- 27% of respondents say their biggest cybersecurity challenge is that it is difficult to manage the complexity of too many disconnected cybersecurity tools.
- 27% of respondents say their biggest cybersecurity challenge is that business managers don’t understand or support strong cybersecurity.
- 25% of respondents say their biggest cybersecurity challenge is that their organization doesn’t provide an appropriate level of cybersecurity training for non-technical employees, leading to increased risk.
- 24% of respondents say their biggest cybersecurity challenge is that their organization lacks the right skills to deal with modern types of cyber threats.

These challenges are understandable. In the past, security was thought of as an IT afterthought at many SMBs.
Consequently, these organizations purchased security products on an ad-hoc basis with no central strategy, while cybersecurity responsibilities were often delegated to an interested IT employee who was simply told to do his or her best without disrupting the business. Employee training was often either neglected or guided by regulatory compliance requirements and little else.

Given that the ESG research reveals that two-thirds of SMBs have experienced at least one security incident over the past two years, it’s high time to abandon this laissez-faire attitude. This means creating a cybersecurity strategy that aligns with the business mission, formalizing processes, investing in skills development, and getting executive management on board. Like it or not, strong security has become a required utility — the cost of doing business. If you must do something (such as cybersecurity) to achieve business success, you may as well do it well.