A recent “The State of Mid-Market Cybersecurity: 2017” survey by Arctic Wolf Networks shows that 95 percent of IT professionals in mid-market companies believe they have an above-average security posture. 89 percent are confident that they have products in place to combat all cybersecurity threats, and 90 percent believe they are adequately staffed.
Yet their answers to other questions seem to undermine that high level of confidence about security. Nearly three-quarters of respondents (72 percent) expressed an inability to focus on security as much as they should. Should a zero-day attack occur, only 37 percent felt prepared to stop it. The fact that 77 percent of all security alerts take an hour or more to investigate is concerning, but respondents said that 13 percent alerts are not followed up on at all.
Arctic Wolf also asked about security spending. Only 26 percent of respondents said they are able to spend whatever they need to on security. While 43 percent said they are spending enough, 51 percent agreed with the statement, “My company should assign more budget or resources to cybersecurity.”
IT staff feel unprepared to adequately assess and respond to their companies’ security needs, according to the survey. Half of the respondents agreed with the statement, “Security is so complex, I don’t know where to start to improve my organization’s security posture.”
The survey results confirm what many security professionals believe: That most companies are not as prepared as they think they are for today’s cybersecurity threats. Granted, Arctic Wolf sells a security operation center-as-a-service product and has a vested interest in promoting the need for better readiness, but the results seem credible.
This survey focused on mid-sized companies, which presumably have resources–including dedicated personnel–to devote to security. For smaller, local companies that the dealer community serves, the situation has to be more concerning. “The challenge smaller enterprises face is that they have all the same security challenges as large enterprises with only a fraction of the budget and less skilled personnel,” Arctic Wolf CEO Brian NeSmith was quoted in the survey.
That spells opportunity for dealers selling security services, and the survey gives clues as to the questions to ask prospective clients when the internal IT team feels the company’s security is adequate. For example:
- What is your response time to security alerts?
- How would you respond to a zero-day attack? How would you detect one?
- How much time do you or your team devote to security?
- How well do you keep up with information on new security threats?
- Do you have a roadmap for developing your company’s security infrastructure?
Questions like these are bound to surface inadequacies in the company’s security efforts and create an opening for your sales team. The survey suggests that lack of knowledge prevents some companies from taking more effort and devoting more resources to cybersecurity. A trusted advisor who can educate the client and propose a plan would have an advantage.