If given a larger security budget, the majority of IT professionals said they would invest in prevention efforts, according to a Barkly survey.
Barkly investigated what types of security efforts IT professionals at small and medium-sized businesses emphasize, when asked about detection, prevention and recovery capabilities.
Here's how they ranked their priorities.
- Prevention. This security function, which focuses on keeping malicious software out of the system, includes antivirus, firewall and email filtering solutions, alongside security awareness training. More than half (51 percent) of respondents said they would invest in prevention first, if given the additional budget.
- Detection. This security function, which focuses on being aware of security incidents as quickly as possible, includes intrusion detection systems and network monitoring tools. A total of 26 percent of respondents said they would invest in detection first, if given more funding.
- Recovery. This security function, which focuses on cleaning up after an attack as quickly as possible, includes backup and forensic capabilities. A total of 23 percent of respondents said they would invest in recovery first, while almost half of respondents said they would prioritize this function third.
This shift in doubling down on prevention, rather than detection, may be attributed to the rise in ransomware. "Since ransomware attacks can encrypt files in a matter of minutes or even seconds, detecting and responding to the attack after the fact means it's too late," according to the Barkly survey.
Click here to view more of the survey's findings.