Cloud 9 Advisers - News #Analytics

SMEs can't keep up

Fri, 20 Jun 2025 20:19:37 -0500

Smaller organizations reach security breaking point

From out friends at Computerworld and CSO Magazine

Senior Writer

Jun 12, 20259 mins (a must read)

Strained budgets, overstretched teams, and a rise in sophisticated threats is leading to plummeting security confidence among SMEs as cybercriminals increasingly target them in supply chain attacks.

Limited budgets, overstretched IT teams, and a rapidly evolving threat landscape mean smaller organizations are approaching a “cybersecurity tipping point.”

The World Economic Forum’s (WEF) Global Cybersecurity Outlook 2025 report noted that “71% of cyber leaders say small organizations have already reached a critical tipping point where they can no longer adequately secure themselves against growing complexity of cyber risks.”

More than a third (35%) of small organizations believe their cyber resilience is inadequate, a proportion that has increased sevenfold since 2022.

By contrast, the share of large organizations reporting insufficient cyber resilience has nearly halved over the same period.

Skills gap leading to deteriorating security outlook

Experts quizzed by CSO said that the rapid adoption of emerging technologies — which comes with the downside of fresh vulnerabilities that cybercriminals can exploit — together with a widening skills gap is contributing to a deteriorating security outlook for small and midsize businesses (SMBs).

“Cyber skills gaps are prevalent in SMBs largely due to a lack of resources and specialized knowledge,” says Tom Exelby, head of cybersecurity at managed security services firm Red Helix. “Many SMBs don’t have dedicated cybersecurity teams, and those in charge of security can lack the confidence to perform even basic cyber tasks.”

Small and medium enteprises (SMEs) that do have budget to hire specialists often struggle to attract and retain skilled professionals due to the lack of variation in the role. Burnout is also a growing issue for the understaffed, underqualified IT teams common in small business.

“With limited resource in the business, employees are often wearing multiple hats and the pressure to manage cybersecurity on top of their regular duties can lead to fatigue, missed threats, and higher turnover,” Exelby says.

WEF’s report estimates that the cyber skills gap has increased by 8%, with two out of three organizations reporting moderate-to-critical skills gaps, including a lack of essential talent and skills to meet their security requirements. WEF’s findings are based on a survey of 321 qualified participants supplemented by 43 one-to-one interviews.

Resource constraints common in smaller businesses make maintaining even basic security posture an uphill struggle.

Steven Wood, director of solution consulting for EMEA at OpenText Cybersecurity, tells CSO: “Implementing and maintaining even basic defenses require strategies at multiple levels — user training, email threat detection, endpoint protection, DNS layer filtering, proper authentication, patch management, event monitoring, backups and drills — which can overwhelm small IT teams with limited budgets and headcount.”

Wood adds: “Given the scope of this list, it can be difficult for organizations to keep up with even baseline best practices for security.”

SMEs targeted by supply chain attacks

SMEs often mistakenly believe that cyber attackers only target larger organizations, but that’s often not the case — particularly because small business partners of larger companies are often deliberately targeted as part of supply chain attacks.

“Threats are becoming more advanced but their resources aren’t keeping pace,” says Kristian Torode, director and co-founder of Crystaline, a specialist in SME cybersecurity. “Many SMEs are still relying on outdated systems or don’t have dedicated security teams in place, making them an easy target.”

Torode adds: “They’re also seen by cybercriminals as an exploitable link in the supply chain, since they often work with larger enterprises.”

“SMEs have traditionally been low-hanging fruit — with limited resources for cybersecurity training, advanced tools, or dedicated security teams,” Adam Casey, director of cybersecurity and CISO at cloud security firm Qodea, tells CSO. “More often than not, cybersecurity is left to overstretched IT departments already juggling multiple responsibilities.”

Training shortcomings and regulatory headaches

Cyber training is another area where smaller firms are falling behind.

“Annual training modules are no longer fit for purpose given the rate of change,” says Dr. Rick Goud, CIO and cofounder of secure email vendor Zivver. “What is needed is more dynamic, context-aware education that is delivered when and where employees are most likely to make mistakes.”

In addition to challenges keeping up with the latest training, the proliferation of regulatory requirements around the world is also adding a significant compliance burden for smaller organizations.

“As regulations like NIS2 and GDPR become stricter, compliance is often left to senior leadership teams who are already juggling multiple roles,” Goud says. “Without a dedicated data protection officer or team, it’s easy for things to fall through the cracks, especially when third-party suppliers are involved.”

Worse, the need to comply with NIS2 in the EMEA region is eating into IT budgets, placing further strain on smaller organizations. Moreover, regulations like NIS2 and DORA are placing even greater pressure on talent markets and skills gaps.

Growing threats

Smaller teams, already struggling with limited cyber skills, are often ill-equipped to manage a growing array of threats. This is contributing to a widening gap in security maturity between larger and smaller organizations.

“Unlike large enterprises, SMEs often lack the budget and specialized personnel to secure a sprawling IT stack, especially as hybrid work and cloud adoption expand their attack surface,” says Robert Phan, CISO at cloud-based directory services firm JumpCloud.

Martin Greenfield, chief executive at Quod Orbis, also sees the shift to cloud and hybrid work environments challenging SMEs at a time when “threat actors have become faster, smarter, and better resourced,” he says.

Moreover, a small business monoculture of similar (cheap) security tools and much the same IT equipment — often set up in default (insecure) configurations — makes it possible for cybercriminals to automate attacks against SMEs at scale, notes Richard Werner, cybersecurity platform lead for Europe at Trend Micro.

As a result, security threats are evolving and growing faster than most SMEs can track let alone remediate. For example:

Generative AI is supercharging phishing and BEC social engineering: Attackers are using AI to craft highly personalized, fluent phishing lures — making messages harder to spot and massively increasing overall volume.
Ransomware-as-a-service has professionalized: Today’s RaaS platforms offer affiliate dashboards, playbooks, negotiation support, and multi-extortion (combining encryption, data theft, and public shaming), raising both the technical sophistication and reputational pressure on victims.

New attack surfaces are rising around cloud and identity: “Poor IAM and exposed remote-access services have driven a surge in cloud-focused ransomware and account-takeover attacks,” according to OpenText Cybersecurity. “In 2024 alone, cloud ransomware incidents spiked as attackers moved beyond endpoints to steal API keys or abuse services like Okta and Azure AD.”

“Security threats are evolving faster than most SMEs can track,” Zivver’s Goud says. “AI-driven phishing, deepfake scams, and automated exploitation are all on the rise, but most organizations do not have the internal capability to monitor or respond to them. That gap is growing and so are the risks.”

Vulnerability surge

Small business IT teams have always struggled to prioritize and triage security problems — a problem that has only grown more acute in recent years as the volume of vulnerabilities has increased.

According to the Verizon Data Breach Investigation Report for 2025, vulnerabilities grew as an attack vector by 180% over the year prior. Looking at the number of software vulnerabilities reported, that number has gone up as well — from 25,059 in 2022 and 28,961 in 2023 to 40,077 in 2024.

“When you are a small team, that number of issues is just impossible to track,” Matt Middleton-Leal, managing director for EMEA at Qualys, tells CSO. “The right approach here is to grade potential issues for severity and then spend time on what matters. This can help every small team have a big business impact.”

Business dynamics also have a part to play in the increasing security problems faced by SMEs.

“SMEs have accelerated digital transformation to remain competitive or simply to stay operational during the pandemic,” Qodea’s Casey points out. “Yet many still lack the internal expertise to properly assess or address the security implications of this shift."

Mitigation

While a wealth of information is available, such as the UK NCSC’s small business security guide, small businesses often find it difficult to find actionable guidance.

During a session at the Infosecurity Europe conference earlier this month, representatives of the CyCOS project explained how they were offering a community-based approach to support small business in becoming more secure.

CyCOS is a collaboration between three UK universities (Nottingham, Queen Mary, and Kent), and is supported by a variety of partners, including the Home Office, National Cyber Security Centre (NCSC), ISC2, the Chartered Institute of Information Security (CIISEC), and three regional Cyber Resilience Centres.

During the panel, Professor Steven Furnell, a CIISEC board member, pointed out that “SMEs have the security guidance but they don’t know how to take it forward by building communities, so that small businesses have someone to talk to apart from consultants.”

Industry experts argue that use of managed security services can help small businesses to become more resilient.

“In the short term, SMBs can solve the problem by partnering with a managed security services provider who can not only better protect them and respond to threats but also advise them away from overinvesting in security tech that they really don’t need,” says Red Helix’s Exelby. “To fix the long-term skills gap issue impacting the entire sector, education is a key alongside greater diversity.”

Automation is another vital security strategy for helping SMBs mind the gaps.

“Most small IT teams can’t manage the constant churn of alerts, patches, and manual controls — that’s why automation is essential,” says Albert Estevez, field CTO at Zero Networks. “By automating segmentation and access control, organizations can reduce risk and contain threats — without needing enterprise-sized security teams.”

Link to original CSO article: https://www.csoonline.com/article/4003892/smaller-organizations-nearing-cybersecurity-breaking-point.html

Let Cloud 9 introduce you to:

Get Started Now

Supplier Spotlight: Verint

Thu, 27 Feb 2020 21:35:32 -0500

The AI-Powered Customer Journey

Cloud 9 Supplier Spotlight: Verint

Actionable Intelligence

2020 Will Shape Up to Become the Year of the AI-Powered Customer Journey

In the evolving Experience Economy, 2020 is shaping up to become the year enterprises apply the building blocks to enable proactive, personalized experiences at every step of the customer journey. In this dynamic environment, organizations must continuously re-calculate the next-best action for each customer, and at each moment.

This requires a shift from traditional customer journey mapping tools to a more holistic and actionable approach of customer journey management powered by AI and reliant on a foundation of data as an enterprise asset. With this shift, enterprises can track, map, analyze, visualize, and personalize customer journeys in real time.

Journey mapping coupled with natural language processing (NLP), predictive analytics, and machine learning will automate systems that can evaluate the behavioral and transactional factors in customers’ decision-making. These factors contribute to whether people are getting through the process outlined for them, determine the reasons why people falter on some journeys, and orchestrate real-time next-best actions to engage with them at critical moments mapped out in the journey.

Recent Ovum survey data points to continued adoption of journey mapping, AI, and predictive analytics to ensure more actionable customer journeys. According to ICT Enterprise Insights 2019/20 – Global: ICT Drivers and Technology Priorities, 24% of respondents have strategic investments planned for customer journey mapping and 37% have minor investment planned.

Additionally, 26% have strategic investments planned for predictive analytics in the area of customer engagement, and 37% are planning minor investments. In terms of AI adoption, 19% of respondents reported having fully deployed packaged AI for the enterprise, 32% are trialing, and 27% were planning to deploy packaged AI.

As these functions inevitably converge, the utilization of AI and machine learning will give context to customer journeys, helping enterprises understand the significance of the events that shape a customer’s behavior. Proactively responding to such key moments will enable true personalization to take hold throughout the digital customer journey. That requires an awareness of both the customer journey touchpoints and their corresponding customer behaviors.

The power of AI-enabled customer journey orchestration is that it can sift through a larger and more complex data space and thereby uncover many more business opportunities and prioritize the insights. It finds every single relationship in the data and predicts the likelihood of future behaviors with high accuracy, while simultaneously identifying the drivers and inhibitors of customer performance.

It also provides important quantitative data to determine the impact of any obstacles along the customer journeys on business objectives, as well as the effectiveness of any remediations. Armed with that information, enterprises can do more than find the “next best action” or the optimal audience. They can take action on data regarding each portion of the journey, measure its impact to advance prediction models, use the results of that analysis to drive better and more predictive models, and even serve as customers’ personal “concierge” for interactions with their brands.

As the quest for connected, intelligent customer experiences accelerates, AI-powered journeys will naturally take the spotlight. But enterprises must first build upon core data integration use cases and start investing in the systems and integrated technologies that will enable them to create precise audiences for activation.

Making the right investments in AI and embedding it across applications will build a foundation to optimize customer experiences that will set enterprises apart from their competition and drive future growth.

By Mila D'Antonio, Principal Analyst, Customer Engagement, Omdia (formerly Ovum), see the original here

Leading brands rely on the Verint Cloud to engage with customers and power more than 3 billion customer interactions per year. The result? Amazing customer experiences. Drive deeper loyalty, enhance business performance and set your organization head and shoulders above the competition. The future of customer engagement is here today.

Contact Cloud 9 Advisers and talk with our verndor-neutral contact center experts to see if Verint is right for your contact center team and organization.

Learn more about Verint

Learn more about Contact Center Solutions

Learn more about Verint