webinar: it security at smbs: 2016 benchmarking survey

IT Security at SMBs:2016 Benchmarking SurveyConducted by:Osterman Research, Inc.

©2016 Osterman Research, Inc.

Sponsored by:CYREN, Inc.

Today’s Speaker Today’s Host

Michael OstermanPrincipal Analyst

Osterman Research, Inc.

John CallonSenior Director of Product Marketing

CYREN, Inc.

©2016 Osterman Research, Inc.©2016 CYREN Ltd. All rights reserved.

About Osterman Research

• Focused on the messaging, Web and collaboration industries

• Practice areas include archiving, security, encryption, content management, etc.

• Strong emphasis on primary researchconducted with decision-makers andinfluencers

• Founded in 2001

• Based near Seattle


About CYREN

500K+ Threat collection points

600M+Users protected

17B+Daily transactions

130M+Threats blocked daily

DATA CENTERSThe World’s Largest Security Cloud

Background on the Survey

• A total of 308 online surveys were conducted during June 2016

• Three groups were targeted for the survey:• 100 to 500 employees• 501 to 1,000 employees• 1,001 to 3,000 employees

• In order to qualify for the survey, respondents had to be knowledgeableabout computer/cyber security issues and security-related decision-makingin their organizations.


71% had a security breach or infection in the past year

• 43% of SMBs experienced a phishing attack during the previous 12 months

• Malware infiltration: 36%

• Ransomware attack: 23%

• Breach of sensitive or confidential data: 18%

• Targeted attack: 17%


Poll

• Which of the following is your biggest security problem right now?

• Breaches of sensitive or confidential data• Phishing attacks• Targeted attacks/zero-day exploits• Ransomware• Other

Leading Areas of Security Concern

• Malware infiltration through email (75% indicated this is an area about which they are are concerned or extremely concerned)

• Malware infiltration through Web surfing (74%)

• Breaches of sensitive or confidential data (70%)

• Phishing attacks (68%)

• Targeted attacks/zero-day exploits and ransomware(both at 65%)


Where Do Organizations Think They’re Doing Well?

• Employees surfing porn (60% believe they are well or extremelywell protected)

• Malware infiltration through email (57%)

• Malware infiltration through web surfing (55%)

• Malware infiltration through SSL web surfing (50%)

• Ransomware (49%)


Cyren Security Gap Index

Biggest problems IT managers want solved• Sensitive data breach• Phishing attacks• Zero-days Perceived

protectionHighest concern

Cyren Security Gap Index

A breach of sensitive or confidential data 45% 70% 1.56Phishing attacks 47% 68% 1.45Targeted attacks/zero-day exploits 45% 65% 1.44Malware infiltration through web surfing 55% 74% 1.35Ransomware 49% 65% 1.33Malware infiltration through email 57% 75% 1.32Malware infiltration through SSL web surfing 50% 60% 1.20Botnets 44% 52% 1.18Malicious activity from insiders 45% 50% 1.11“Shadow IT” – employees using unauthorized cloud services 42% 43% 1.02Employees watching video content 42% 32% 0.76Employees using social networks 47% 35% 0.74Employees surfing porn 60% 37% 0.62


SMBs Have Limited Dedicated IT Security Staff

Nearly 50% of SMBs have no more than two security-focused IT staff members

73% of small SMBs (100 to 500 employees) have two or less security-focused IT staff members


Security Costs are Climbing

The typical SMB has seen an increase in their security-related costs during the past 12 months

At that rate, security costs will increase by 129% in just four years


IT Spends Lots of Time Mopping Up

Average IT staff time to respond to a major breach: 56.2 person-hours

Following a major security breach, a large SMB will spend nearly two person-weeks remediating its aftermath


Over half of SMBs doing SSL inspection

• URL filtering (deployed by 73% of SMBs)

• Inline anti-virus/anti-malware (71%)

• SSL inspection (56%)

• Data loss prevention (50%)

• Malware forensic reports (44%)

• Application control (43%)


Poll

• Do you believe that endpoint protection is sufficient to protect your users from web security threats?

• Yes• No• I have no clue

Is Endpoint Protection Sufficient?

Overall, SMBs are evenly split about the necessity of doing anything beyond an endpoint solution to protect users

The larger the SMB, the less confidence there is in endpoint protection


Preferences for Delivery Models

A preference for on-premises web security solutions continues: 67%

But cloud-based is preferred or no preference by a notable proportion of SMBs: 32%


Use Cases for Web Security

• For web security use cases beyond bread-and-butter main office network protection, the priority use cases for web security are protecting laptops and mobile devices when off-network

• Nearly half have implemented Guest Wifinetwork protection

• IoT devices ~1 in 4


The Market is Fragmented

• Most segments of the web security marketare highly fragmented

• There are a few vendors that have a significant share of some aspects of the SMB web security market

• Firewall/UTM• Endpoint protection

• Many SMBs have not implemented key websecurity capabilities that could protect theirorganization


Secure Web Gateway Vendors

• 47 different vendors among responses• Only nine broke the 2% market share “barrier”• >40% “Other”


Network Firewall/UTM Vendors

• Cisco at 30%• >40% other


Endpoint Anti-Virus Vendors

• Symantec + Intel Security/McAfee = 46% of market


Network Sandboxing Vendors

• 55% do not use sandboxing


Cloud Access Security Brokers

• 60% do not use a CASB solution


DNS-Based Security Vendors (DNS Firewall)


Secure Email Gateway Vendors


Data Loss Prevention Vendors


For More Information

Osterman Research, Inc.+1 206 683 5683+1 206 905 1010info@ostermanresearch.comwww.ostermanresearch.comostermanresearch.com/wordpress/@mosterman


Cyren, [email protected]/company/[email protected]

http://www.cyren.com

Questions?


webinar: it security at smbs: 2016 benchmarking survey

Internet