SMBs Need to Pay More Attention to Security
A new report out of Webroot Software discussed in eWeek argues that SMBs are "sitting ducks" for cybercrime:
In most industrialized countries, SMBs make up 97 to 99 percent of all companies. Yet most of those small to midsize businesses have tiny IT groups, and most of those IT groups don't have security expertise—heck, they don't even have security policies to manage employees' personal use of work computers.
Security vendors and their channel partners know this is an under-served market in need of attention. But more appliances and software won't solve all their problems.
Another problem is an understanding of the threats they face:
Most SMBs rate viruses as being of particular concern, Webroot found. However, SMBs are at greater risk from spyware and Trojans. While these two classes of malware are among the most highly reported infections in Webroot's survey, fewer than 50 percent of respondents consider spyware a very or extremely serious threat.Spyware may appear to be little more than a nuisance, but in reality it's a vector for stealthy malware implanting. Those who click ads in spam or even preview spam e-mail put themselves at risk of downloading spyware. Phishing can result in the theft of personal information such as credit cards, bank account numbers, PINs or Social Security numbers.
and
SMBs are worrying about the wrong things, Webroot maintains. The survey found that some 80 percent of U.S. SMBs rate employee errors, insider sabotage or data theft as very or extremely serious threats, yet 40 to 60 percent lack a policy or technology to restrict or monitor employees' personal use of work computers.
The SMB market could also use help with risk analysis. Understanding and keeping up the pace of information security threats is too much for SMBs. Most probably have accountants that help them keep up with tax laws, SMBs need an equivalent service infrastructure for security and risk management.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
