"Skills Shortages Now a Top-Two Security Risk for SMBs"

According to a new study by Sophos, a shortage of cybersecurity expertise and capacity in global SMBs is fueling talent burnout and creating new opportunities for threat actors.  Security researchers at Sophos polled 5000 IT and security professionals in 14 countries, 1402 of whom work in organizations with 100-500 employees, to compile its report: "Addressing the cybersecurity skills shortage in SMBs." The study revealed that a shortage of security skills is now ranked by SMBs as their second top cyber challenge after zero-day threats, while for organizations of over 500 employees, it ranks only seventh.  The researchers claimed that SMB skills shortages make it harder for teams to continue learning on the job, as they must in order to keep pace with the ever-changing threat landscape.  Nearly all survey respondents (96%) in smaller businesses claimed to find at least one aspect of investigating suspicious alerts challenging.  The researchers noted that fewer staff can also mean threats go unmonitored for longer periods.  The researchers said that SMBs have no one actively monitoring, investigating, or responding to alerts for a third of the time.  That is a problem when 81% of attacks reportedly start outside normal business hours.  The researchers said that worryingly, skill shortages may also create a vicious cycle whereby stretched teams are more likely to suffer burnout, leaving even fewer colleagues left to guard the fort.  In a separate APAC study, it was revealed that 85% of organizations experience fatigue and burnout among their IT and security professionals, with a quarter (23%) experiencing it "frequently" and 62% "occasionally." Some 90% of companies polled said burnout rates had increased in the past 12 months, with 30% saying they had risen "significantly."

Infosecurity Magazine reports: "Skills Shortages Now a Top-Two Security Risk for SMBs"