
Kaspersky report reveals disparity in IT security staffing
Kaspersky's latest IT Security Economics Report 2024 highlights significant differences in IT security staffing and product deployment between small to medium-sized businesses (SMBs) and large enterprises.
The report finds that SMBs have a higher ratio of IT security staff to overall IT staff, standing at 33%, while large enterprises have a lower ratio of 22%. This discrepancy underscores the unique challenges SMBs face, given their limited resources and staffing constraints.
Despite having more staff and numerous solutions, large enterprises encounter increased complexity in managing their cybersecurity needs. On average, these enterprises utilise 15 different and often sophisticated security solutions, overseen by 23 IT security specialists. "These specialists, though qualified, frequently perform manual tasks and face numerous routine processes," the report notes.
The shortage of qualified specialists results in higher wage demands, and data duplication across systems complicates security operations. This complexity prevents seamless correlation of critical security data and overwhelms cybersecurity teams with alerts and false positives. "Security professionals often lack the time to conduct in-depth investigations, as their efforts are consumed by managing multiple, disparate security solutions," Kaspersky details, which leaves organisations vulnerable to Advanced Persistent Threats and other cyberattacks.
To address these issues, Kaspersky advises organisations to consolidate their different cybersecurity solutions or consider advanced products that correlate telemetry from various sources, such as Extended Detection and Response (XDR) solutions.
SMBs, which average nine security solutions and four specialists, face unique challenges due to their limited capacity compared to larger counterparts. The report highlights the significant hurdle of obtaining qualified information security professionals, compounded by constraints that limit staff education and ongoing security awareness training. This shortage increases the risk of data leaks caused by employees unknowingly aiding cybercriminal activities.
Resource constraints further restrict SMBs from developing and enforcing robust security policies and investing in advanced security solutions. Kaspersky suggests that SMBs might consider outsourcing complex security tasks to Managed Service Providers (MSPs) or Managed Security Service Providers (MSSPs). According to the report, "This approach is typically more cost-effective than maintaining a dedicated in-house security team."
Standard security training for all employees, not limited to IT staff, is advised to build a culture of security awareness. Techniques such as simulated phishing exercises are highlighted as effective means to educate employees on recognising phishing emails and other deceptive tactics.
Both SMBs and large enterprises are encouraged to implement tailored security strategies that address the distinct challenges they face. The report underscores that while larger enterprises benefit from economies of scale, smaller organisations proportionally invest more in IT security.