Threat of Exposure
Most Small, Mid-sized Businesses Exposed to Internet Security
by: Jerry Liao
Webroot Software, Inc., a leading provider of Internet security software for the consumer, enterprise and SME markets, unveiled its latest report, “State of Internet Security: Protecting Small and Medium Businesses”. The report highlights startling survey results surrounding Internet security threats among SMEs worldwide. In conjunction with the report, Webroot has released a handbook for SMEs, “A Guide to Security for Small & Medium Business” that provides tips and best practices for protecting technology infrastructure and sensitive customer data from malware and cyber criminals.
“Unlike larger corporations, SMEs often lack the monetary resources and IT expertise to install and maintain the type of protection needed in the face of today’s growing malware threats. The real dichotomy here is that most of these companies think the real threats are viruses and worms, but the reality is the percentage of spyware is much higher and growing quickly,” said Peter Watkins, CEO, Webroot Software. “As a result, these companies are easier targets for cyber criminals when compared to larger companies with dedicated IT security resources.”
Consistent around the world, SMEs make up the overwhelming majority of the world’s business landscape, totaling more than 99.5 percent of all businesses in each country surveyed and representing more than 50 percent of the Gross Domestic Product (GDP) in each country. Because of the sheer number of SMEs worldwide, they are easy for criminals to find and have several consistent internal attributes that heighten their Internet security risk including:
• Pervasive Internet use. Seventy-seven percent of SMEs said their success depends on the Internet.
• Home-based and remote workers. Up to 52 percent of new businesses are home-based or remote.
• The need to store valuable customer and employee data due to online sales.
According to the report released by Webroot, SMEs are increasingly connected in order to do business, but there are a number of other factors impacting their IT security including:
• Lack of in-house security expertise.
• Limited budget and resource constraints.
• A constant struggle to keep pace with a growing mobile workforce.
• Absence of policies managing personal use of work computers.
• Increasing volume of sensitive customer and employee data.
• A rapidly evolving threat landscape.
“We’re seeing a perfect storm developing that could possibly have serious economic impact. SMEs are heavily reliant on the Internet for their work, making them a target. Compounding matters, there has been a 183 percent increase in Websites harboring spyware since January 2007, and SMEs aren’t defending themselves adequately,” added Watkins. “Given that these companies are the lifeblood of the world’s leading economies in both revenue generation and employment, we have a situation that could expose both businesses and customers to a very real, significant and growing threat on a global basis.”
– Low Awareness and Misperception of Real Problem. In all six countries surveyed, SMEs reported viruses and worms as more of a threat than spyware, yet last year spyware threats increased 254 percent while viruses were on the decline.
– High Virus Infection Rates Despite Protection. Approximately 96 percent of respondents reported that they have an antivirus solution installed, but more than 60 percent of respondents in Canada, France and the U.S. still reported a virus infection in the past year, which reflects the need for broader protection due to the increasingly complex nature of malware threats, and the need for someone to help manage the solution.
– Lack of Policies for Perceived Threats. To the extent that SMEs view employee errors and data theft as serious threats, 40 to 60 percent lack a policy to restrict or monitor employees’ personal use of work computers.
– Limited or No IT Staff. Approximately 40 percent of SMEs in Japan reported having no IT department at all, while three-fourths of SMEs surveyed have fewer than ten people in IT. The lack of in-house security expertise helps explain why 61 percent of SMEs have never sought information about how to properly protect customer and employee data.
May this report serves as a guide not only to our local SMEs but to security application and service providers as well, that security is not a product but a process. Everyone in the equation should work together to achieve a secure I.T. infrastructure. If not, everyone will be a loser here. Believer me, when I say everyone – I mean EVERYONE.