A survey of 217 IT professionals from small-to-medium businesses (SMBs) found that while nearly 80% of the respondents considered themselves well-protected against cybersecurity threats, less than 60% employed security tools such as password managers, two-factor authentication or making cybersecurity training available.

Conducted by Devolutions, a provider of remote access and password management tools, the survey found the most used tools are password managers (57%), endpoint detection and response (56%), training (54%), security audits (52%) and privileged access management (PAM) tools (48%). On the plus side, a full 86% of respondents also have internal cybersecurity expertise (53%) or have contracted external consultants (33%), with just under a third (31%) allocating 11% to 15% of their IT budgets to cybersecurity, the survey found.

Overall, the survey found there has been a 9% increase in cyberattacks aimed at these organizations in the last year, with 69% of respondents reporting their organization has been victimized to varying degrees. More than three-quarters (78%) are more concerned about cybersecurity this year, with phishing (62%), ransomware (61%) and malware (52%) identified as top threats.

Despite increased concerns, however, 75% are either very confident (20%) or reasonably confident (55%) in the security provided by cloud service providers, while 56% of respondents said they are either very confident (11%) or reasonably confident in the level of trust they have in artificial intelligence (AI) platforms.

Maurice Cote, vice president of products for Devolutions, said the survey suggested that, in addition to a certain amount of complacency, many organizations are not as well protected as they should be because of the complexity of some of the cybersecurity tools that IT professionals are being asked to deploy and manage. Too many cybersecurity tools are designed for cybersecurity professionals rather than IT administrators, who are typically responsible for managing security operations in smaller organizations, he added.

Unfortunately, too many of those administrators are measured on productivity enabled and availability of systems rather than the degree to which they prevent cybersecurity attacks, noted Cote.

For example, the survey found more than a third (35%) of respondents reported negative experiences using PAM tools compared to 52% who had a positive experience. On the upside, however, there has been an 8% increase in usage of these tools in the last year, with 95% deeming them important to maintaining cybersecurity.

The biggest issue SMBs fail to appreciate, of course, is the indiscriminate nature of cyberattacks. While there has been a general increase in the number of targeted cyberattacks, most of them are launched via automated platforms that seek to exploit vulnerabilities wherever they happen to be discovered. Most of these attacks are not especially complex, but given the number of vulnerable IT environments that exist, a significant percentage still wind up being successful. Most organizations would be well-advised to concentrate on cybersecurity fundamentals to thwart these types of relatively simple cyberattacks.

Regardless of approach, it’s clear that SMBs are just as likely as any large enterprise to be on the frontline of a cybersecurity war that never seems to end.