BANGALORE, INDIA: Terence Gomes, National SMB Manager -
McAfee India Sales Pvt Ltd., outlines the challenges and threats that SMBs face with regard to data security.
CIOL: In your view, how secure is the SMB data? How vulnerable are SMBs to data thefts?
Terence Gomes: In our 'Does Size Matter?' survey results, a few months ago, where we evaluated over 500 small and mid-sized (SMB) companies, we found that 45 per cent of them did not think they would be a valuable target for cyber criminals and 44 per cent considered cyber crime an issue reserved for larger companies.
In general, we believe SMB customers are generally aware of the challenges and threats that are "in the wild" but generally don't have the time or resources to completely protect themselves, and don't think the threats apply to them - until after they get hit.
SMBs are operating in an increasingly competitive environment and tough economic climate. They are becoming more and more reliant on the Internet to grow and succeed but are in denial about cyber security threats. For businesses of all sizes, viruses, hacker intrusions, spyware and spam can lead to lost or stolen data, computer downtime, decreased productivity, compliance issues, lost sales and even loss of reputation. Just because a business is small, it doesn't mean it is immune to security threats.
CIOL: What are the major security issues that SMBs are facing?
TG: We think small and medium enterprises need to focus on five basic threat vectors. They need to protect the endpoint (servers and workstations) from malware and other threats – 2008 saw a 600 per cent growth in new strains of malware versus 2007, so the threat keeps getting bigger. They need to protect their users from dangers on the web – this is the fastest growing new source of infection. They need to protect their users from spam – between 85-95 per cent of the world's email is spam and 25 per cent of that contains some malicious code or pushes users to a malicious website. They need to protect their data – too much confidential data gets lost by accident or through malicious acts that could be preventable with the right steps.
Lastly, companies need to protect their networks from intrusions.
CIOL: In your view, how liberal are SMBs when it comes to IT spending?
TG: SMBs are definitely cost conscious, but at the same time they are aware of the impact of business disruptions resulting from cyber threats. As these businesses become more reliant on the Internet to grow their business, their need for protection also increases. These organizations look for security solutions that can protect them and give more value for the money they spend by reducing the resources needed to manage the information security infrastructure.
CIOL: What are the prevailing trends in the security solutions sector, with regard to SMBs?
TG: We see SMBs faced with the same security risks as their enterprise counterparts - they swim in the same Internet cesspool and are exposed to the same threats. In fact, some say SMBs are more heavily targeted because they are known to be less fortified. But we are also aware that SMBs need to focus on their core business, and are unable to dedicate specialized resources to information security.
The typical SMB company has 1.8 IT professionals on staff that are generalists responsible for the entire IT infrastructure. In fact, our data tells us only eight per cent of the time, and those generally in heavily regulated industries, is there a dedicated security professional. The typical company in this space spends one to two hours per week proactively managing security. As a result, they tend to be reactive, and respond to the threats generally after they are attacked.
