/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsNEW DELHI, INDIA: Findings from the Symantec 2009 SMB Security & Storage survey states that while there is a growing awareness among the SMB segment in the country towards the various threats to their data, deployment of relevant solutions to counter this threat has not matched up.
Inadequate budget coupled with ineffective information security management at the operational level are stumbling blocks for most small and medium businesses (SMBs) in the country.
This survey has covered verticals such as financial services, healthcare, telecommunications, manufacturing, retail, professional services, education, entertainment & recreation, business support services and real estate.
While SMBs in India are aware of the need to protect information (84 per cent), protect the network (76 per cent), protect the desktop (53 per cent), protect the servers (81 per cent), protect e-mail (67 per cent), and backup and recovery of data (83 per cent), the stark reality is that the awareness has not necessarily translated in users actively deploying solutions that effectively protect their corporate data.
“The survey shows that SMBs in India want to protect their information, both internally and externally, but wafer thin budgets, coupled with inadequate and undertrained manpower are clearly stopping them from doing so,” said Ajay Verma, director, Channel and Alliances, Symantec India. “As information within Indian SMBs continues to grow, there will be enormous pressure on these organizations from their customers and partners to effectively and appropriately, secure and manage their information.”
Weak on Information Security
According to the survey, 61 per cent of India SMBs were unaware of the present day IT security threats. While a majority of respondents are extremely concerned about basic security issues like virus attacks (73 per cent), phishing scams (60 per cent) and spam (64 per cent), a large number of respondents did not consider data loss (68 per cent), employee ignorance (70 per cent), unauthorized network access (50 per cent) and unencrypted laptops (61 per cent) as major security threats.
While most respondents are concerned about virus attacks and are aware of the adverse effect that viruses have on their infrastructure, only half of them have an anti-virus solution in place. A mere 23 per cent have plans to implement an anti-virus solution in the coming year.
Symantec’s recently released Internet Security Threat Report (ISTR) XIV points to the increasing levels of virus and worm attacks on Internet users in India. According to ISTR XIV, India had the highest occurrence worms and viruses within all of APJ. These malicious codes disabled security related processes, downloaded additional threats and steal confidential information – an indicator that basic security safeguards such as an anti-virus were amiss in Indian SMBs.
Though spam is a major concern, only 37 per cent of the respondents for this survey have an anti-spam solution in place. This puts India at the bottom of the list in the APJ region for both anti-virus and anti-spam solution implementation.
With less than 20 percent of IT budgets being spent on security, Indian SMBs have the lowest deployment rate of security solutions across the APJ region. Countries such as Hong Kong, Australia, South Korea, and Japan spend an equivalent of almost 100 percent of their IT budgets on security.
Storage blues in Indian SMBs
Indian SMBs are slow to deploy effective storage solutions such as backup and archiving into their IT infrastructure. Here too the awareness of the benefits of such solutions exists, but they have been hardly implemented.
While 83 per cent of the respondents polled know that a backup and recovery solution is critical to their organizations and 69 percent are aware of the need to archive data, only 44 percent have actually implemented a solution.
Solutions such as replication have been deployed by a low 19 per cent of the respondents. Online storage too has found a few takers with only 28 percent of them using it. Data backup and archiving has seen reasonable implementation with 28 percent of the respondents having deployed the former, while the latter has a 36 percent acceptance.
While 72 per cent respondents were aware of the need for a disaster recovery plan, only 37 per cent Indian SMBs actually had one in place. Implementation of encryption software on removable storage devices was also deficient in Indian SMBs, with only 28 per cent adoption.
Bang for the Buck
The survey shows that a majority of the respondents (60 per cent) are willing to spend annually, an inconsequential amount of Rs. 100,000/ (Approx. USD 2000) on ensuring that their systems and information are protected. While it is encouraging to see that respondents see security as a concern area and are taking steps to protect their data, SMBs in India have misestimated the budget required to securitize their data. However on a brighter note, the report states that over 57 per cent respondents from India have plans to increase their IT security and storage spends in the next 12 months.
“To counter the budget constraint, we see some SMBs using pirated software, which actually compounds their woes as they struggle with regular software updates, patch management issues and growing malicious threats,” adds Verma.
Additionally, challenges faced by the SMBs extend to having access to qualified, experienced and effective employees to ensure that the various solutions are in place and functioning. Almost 69 percent of the respondents have indicated that the security function is not separated from the IT function and is a dual responsibility on the same person.