Biometrics widely deployed for security in Benelux amid dramatic increase in targeted attacks on SMBs
Biometrics use is increasing as the frequency of targeted and sophisticated cyberattacks on small and medium-sized businesses (SMBs) has recorded a dramatic increase for the third year in a row, found a global survey of over 2,000 IT and IT security specialists in the U.S., UK, DACH, Benelux, and Scandinavian countries (Denmark, Norway, and Sweden), conducted by the Ponemon Institute and commissioned by Keeper Security.
The 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses says that as many as 66 percent of SMBs worldwide have experienced a targeted breach in the past year, out of which 76 percent were located in the U.S., compared to 55 percent reported by the Ponemon Institute in 2016. Overall, the U.S. has been the most targeted region with 82 percent of SMBs reporting an attack.
Compared to other regions, U.S. companies are more likely to fall victim to an attack caused by an insider threat (77 percent), while only 40 percent were caused by an external hacker. They are more confident in their in-house security teams and they spend less than 20 percent of their overall IT budget on security. Companies in the Benelux experienced 20 percent fewer attacks compared to those in the US.
Biometrics are turning into a more common point of interest for SMBs, as 75 percent either already deploy biometric technology for identification and authentication or want to in the near future. Benelux has the highest use of biometrics (51 percent) compared to any other region in the survey.
Incident response plans are critical for organizations to mitigate, contain and recover from network breaches. However, almost half of respondents think their company’s IT strategy is “ineffective” and 39 percent do not even have an incident response plan set up.
“Cybercriminals are continuing to evolve their attacks with more sophisticated tactics, and companies of all sizes are in their crosshairs,” said Dr. Larry Ponemon, chairman and founder, The Ponemon Institute. “’The 2019 Global State of Cybersecurity in SMBs’ report demonstrates cyberattacks are a global phenomenon — and so is the lack of awareness and preparedness by businesses globally. Every organization, no matter where they are, no matter their size, must make cybersecurity a top priority.”
Hackers have improved their methods over the years, actively integrating phishing attacks (57 percent), they manipulate compromised or stolen devices (33 percent) and resort to credential theft in 30 percent of cases. As a result, as many as 63 percent of enterprises that suffered an attack said it resulted in sensitive data loss. Targeted data typically included customer and employee information. In the UK, web-based attacks (49 percent), phishing (48 percent), and general malware (42 percent) were the most common types of cyberattacks.
“More businesses are experiencing highly-targeted, sophisticated and severe cyberattacks than ever before, yet the results of our study show they aren’t doing enough to close the gap,” said Darren Guccione, CEO, and co-founder of Keeper Security. “We sponsor this annual research with Ponemon because we want SMBs to understand that no target is too small for cybercriminals and it’s not enough to simply be aware of the cyberthreats that exist. It’s absolutely critical that these businesses take the next step toward cybersecurity preparedness and get a strong prevention strategy in place.”
Although new technologies are still in a grey area when it comes to data security and legislation, companies are eager to integrate IoT, biometrics, and mobile devices into their infrastructures. The survey found that almost half of respondents use mobile devices to access most of their business-critical applications, even though they are aware they could be increasing the risk of targeted attacks on their organization. While some 80 percent believe vulnerable IoT devices could expose their companies to a “catastrophic” attack, only 21 percent keep track of and monitor IoT devices linked to their organization’s network.
SMBs in the DACH region are the most interested in training their employees and third-parties about IoT risks and 27 percent have taken measures in this direction. They are, however, less interested in the risks of employee passwords getting stolen or compromised, compared to almost 70 percent of companies in the Benelux that believe passwords play a key role in a security strategy.