Addressing the cybersecurity skills shortage in SMBs – Sophos News

The persistent global shortage of cybersecurity skills presents a significant challenge, especially for small and medium-sized businesses (SMBs). A new report, derived from a vendor-agnostic survey of 5,000 IT and cybersecurity professionals commissioned by Sophos, confirms that this skills gap disproportionately affects SMBs. The survey highlights that for smaller organizations, a lack of in-house cybersecurity expertise is seen as their second most significant cybersecurity risk, contrasting with larger companies where it ranks lower. Larger organizations face different risks, including shortages of cybersecurity tools and stolen access data.

The skills shortage in cybersecurity manifests through two primary issues: a lack of expertise and a lack of capacity. The complexity of modern cybersecurity challenges means that most small businesses struggle with at least one aspect of alert investigations, as reported by 96% of respondents. Furthermore, the necessity for 24/7 cybersecurity coverage intensifies the issue, with 91% of ransomware attacks occurring outside regular business hours. A troubling statistic reveals that SMBs do not have anyone monitoring alerts 33% of the time, making them particularly vulnerable.

The repercussions of this cybersecurity skills gap are dire for SMBs, which have a higher likelihood of suffering from data encryption in ransomware attacks—74% of such incidents lead to data encryption, attributed to weaker detection capabilities. Additionally, the constrained workforce increases the risk of talent burnout, leading to 85% of cybersecurity and IT professionals reporting fatigue across various SMBs in the Asia Pacific and Japan.

Addressing the skills gap presents its own challenges. Hiring additional staff is often infeasible due to budget constraints and the competitive nature of the talent market, where professionals tend to gravitate toward larger firms offering better growth opportunities. As a potential solution, the report recommends seeking third-party security specialists, such as managed detection and response (MDR) services and managed service providers (MSPs), which can enhance both expertise and capacity for SMBs.

MDR services provide around-the-clock monitoring and expert-led threat detection and response, allowing SMBs to offload cybersecurity management to external professionals. Meanwhile, many MSPs are increasingly adapting their services to assist with cybersecurity needs for medium-sized organizations, providing a combined approach to enhance security.

When selecting cybersecurity solutions, it is essential for SMBs to focus on those specifically designed for their operational context. Traditional solutions often cater to larger organizations with dedicated teams, leaving smaller entities unable to fully utilize these tools. Therefore, SMBs are advised to seek user-friendly and technically robust solutions that simplify administration and maximize return on investment. Features to prioritize include centralized management platforms and automated deployment settings that minimize manual intervention.

Sophos positions itself as a leader in addressing the cybersecurity needs of SMBs, drawing on considerable experience in safeguarding against sophisticated cyber threats. Key offerings include Sophos MDR, recognized as the most trusted in the industry, and an expansive portfolio of managed security services provided to over 7,000 MSP partners globally. The Sophos Central platform, characterized as the largest scalable cloud-native AI-driven platform, manages all next-generation cybersecurity solutions and integrates with various technologies to maximize customers’ existing security investments.

Sophos has designed its solutions specifically to support the unique needs of SMBs, ensuring ease of use and effective defense against cyber threats. Features like automatic deployment, centralized management, adaptive defenses, and real-time security visibility empower smaller organizations to strengthen their cybersecurity postures in light of current skill shortages. To explore Sophos solutions further, engagement with Sophos representatives or visiting their website is encouraged.