For SMBs in particular, the report claims that the biggest obstacles to better security practices include budget constraints (40 percent), compatibility issues with legacy systems (34 percent) and competition priorities (25 percent).
“SMBs continue to have less money to spend on security and this will only get worse,” Sikking adds.
“In New Zealand they usually don’t have an executive with direct responsibility for security and are unlikely to use external help for advice, monitoring and auditing.
“The flip side is that SMBs are moving to managed and cloud services, primarily for cost savings, but getting an added security benefit.”
Managed Services
As part of a trend to address the talent shortage, enterprises of all sizes - SMBs included - are realising the value of outsourcing services to balance their security portfolios.
According to the report, this includes consulting, security auditing and incident response.
SMBs, which often lack resources for an effective security posture, are improving their security approach, in part, by outsourcing, which is up to 23 percent in 2015 over 14 percent the previous year.
“New Zealand continues to box above our weight when it comes to embracing cloud and managed services,” Sikking adds.
“Often cost savings are the biggest driver, but there are many services where companies just don’t have the skills in-house and it makes sense to pay a third-party provider to manage the technology and provide a Service Level Agreement (SLA) along the way.
“Firewall, IPS and content security are three popular security tools that are trusted to third parties, of course, SMBs can outsource the management of technology, but not the accountability of securing your organisation.”
Ageing Infrastructure
At present, businesses continue to be up against security challenges that inhibit their ability to detect, mitigate and recover from common and professional cyberattacks.
In short, the report claims that ageing infrastructure and outdated organisational structure and practices are putting them at risk.
Between 2014 and 2015, the number of organisations using up-to-date security infrastructure dropped by 10 percent, with 92 percent of Internet devices currently running known vulnerabilities.
Delving deeper, the report shows that thirty-one percent of all devices analysed are no longer supported or maintained by the vendor.
“Ageing infrastructure is a symptom of a wider problem,” Sikking explains. “It shows up the immaturity in the processes organisations are using to maintain their systems.
“The fact that 92 percent of devices were running known vulnerabilities or not patched should be seen as a bellwether for all other systems, including the policies and rules used to secure the network (Firewall rules and IPS signatures), as well as the software, operating systems and hardware.”
In New Zealand, and reflective of global market trends, malware continues to be the biggest concern impacting enterprise, followed by phishing and Advanced Persistent Threats.
“This holds true for New Zealand,” Sikking adds.
“The biggest vulnerability, however, is not patching and maintaining our systems (firewall rules, IPS, applications, software, OS and even hardware) - relatively simple actions that could significantly reduce risk.”