Small Businesses Don’t Fear Threats

Friday, November 25, 2011 @ 10:11 AM gHale

One of the big mysteries in security is trying to understand when, and if, a company will suffer an attack. The smaller the company, some think, the less likely an attacker will hit them.

That seems to be the thinking for small- and medium-sized businesses (SMB) in the Symantec global survey asking information technology professionals what they know about security threats and how they prepare for them.

Targeted Attacks on Rise
Malware Alert: Android up 472%
Busted: Ghost Click Nets Six
Malware Thrives, Remains Undetected

Most SMB managers know about the threats such as keystroke logging, distributed denial of service attacks, website vulnerabilities and targeted attacks, but 50 percent said they don’t have to worry about it.

“We are a small business and are not targets for these types of attacks,” they said.

“They’re saying these things happen to other people, not them,” said Kevin Haley, director of Symantec security response, who said the results surprised him. The “SMB Threat Awareness Poll” defined the SMB as between 5 and 499 employees in size.

Symantec, which sponsored the poll conducted by Applied Research, wanted to get a sense of how SMBs across the world and in many industries — financial, insurance, aviation, chemical, medical, information technology, energy and manufacturing — viewed security and what steps they took to combat specific threats.

While their understanding of risks was apparent, the SMBs much of the time saw their organizations as somehow exempt from actual attacks, which they view as a problem mainly for big corporations. They didn’t spend much time preparing for potential problems.

“Only 39% use antivirus on every desktop,” Haley said. “That’s striking right there.” He said malware, such as the banking Trojans used in cybercrime to compromise computers to make unauthorized funds transfers, are hitting smaller businesses. But SMBs see the news headlines that show the Stuxnet worm hitting nation states and hactivist group Anonymous striking large companies, and they think, “That’s not me, I don’t need to worry about any of this.” They also don’t worry much about lost or stolen smartphones used in business.

Other results of the survey show only 67% of the SMBs bothered to establish login and password restrictions for online banking purposes, and 63% didn’t lock down machines used in corporate banking.

SMBs vary widely in terms of the levels of expertise about security, Haley said, noting sometimes the individual in charge of security is also the person in charge of the phones. Sometimes it’s the business owner running the IT operations and security.

The IT security industry in general has long been subject to hand-wringing over SMBs, worrying about how to build products specialized to suit smaller businesses sensitive to price points. Setting up hardware and day-to-day management have been particular barriers where IT departments may be small, too.

The tide, however, may be starting to turn with the advent of cloud-based security services, which typically alleviate the need for on-premises equipment, becoming more ubiquitous.

Leave a Reply

You must be logged in to post a comment.