Symantec Offers Damning Report on SMB Security
Many small and midsize businesses think that they have adequate IT security in place, and, according to Symantec, most of those businesses couldn't be more wrong. IT managers need to face up to the harsh realities of the modern tech landscape and better prepare both their systems and their expectations for the road ahead.
Security firm Symantec recently paired up with the National Cyber Security Alliance to ask more than 1,000 small and midsize businesses about the current state of their IT security. As detailed in this eWeek article, the results showed that there is a huge disconnect between what businesses think about their relative security and the actual state of their IT risk.
On the one hand, most businesses have a fairly rosy idea of their own IT security. More than three-quarters of respondents believe that their company is safe from cyber threats and 86 percent say that they are happy with the amount of security they provide to protect their data. Eighty-three percent of respondents also claim that they are investing enough or doing enough to protect their customers' information.
On the other hand, in the same SMB security survey, 83 percent of respondents said that they have no formal security plan and 59 percent said that they do not have a contingency plan for a data-loss event, showing a huge disconnect between belief and reality. In that same vein, some credit card companies claim that more than 90 percent of payment data breaches come from small businesses, calling those businesses' confidence in their data security into question.
The Midsize Problem
The problem with this perception gap is that it is occurring at exactly the most vulnerable segment of the business market. Midsize companies used to be able to rely on their relatively small size to shield them from targeted cyber attacks, but that's no longer the case.
The massive growth in data collection in the past few years means that many midsize businesses control an amount of data that was previously unimaginable. The value of this data, combined with the lax security at many of these firms, makes them a prime target for attackers.
As this IT Pro article discusses, some attackers are even going after small and midsize businesses as a way to test their malware and techniques before moving to larger targets. All of this combines to prove that midsize businesses are at the epicenter of the exploding malware and hacking problem, and if the sentiment of those in charge of security doesn't change, the issue is never going to get better.
IT managers need to understand that just meeting prescribed security standards isn't enough. They have to investigate the ways in which attackers are breaching businesses of the same size or in the same industry, and begin taking proactive steps to secure their systems.
At the same time, those managers need to face the realization that no business can ever be completely secure, and that some attacks may be inevitable. Because of this, managers need to create contingency plans for both system-based attacks and data-loss events. By preparing upper management for the possibility of these events and having a playbook ready for when something happens, the actual event can be far less damaging than if IT sticks its head in the sand and pretends nothing bad could ever happen.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Follow Shawn Drew on Google+