Low budgets deter Indian SMBs from effective information security

By : |May 31, 2009 0

MUMBAI, INDIA: Symantec announced its India findings from the Symantec 2009 SMB Security and Storage survey.

The survey states that while there is a growing awareness among the SMB segment in the country towards the various threats to their data, deployment of relevant solutions to counter this threat has not matched up. Inadequate budget coupled with ineffective information security management at the operational level are stumbling blocks for most SMBs in the country.

This survey has covered verticals such as financial services, healthcare, telecommunications, manufacturing, retail, professional services, education, entertainment and recreation, business support services and real estate.

While SMBs in India are aware of the need to protect information (84 percent), protect the network (76 percent), protect the desktop (53 percent), protect the servers (81 percent), protect e-mail (67 percent), and backup and recovery of data (83 percent), the stark reality is that the awareness has not necessarily translated in users actively deploying solutions that effectively protect their corporate data.

“The survey shows that small and mid-sized businesses in India want to protect their information, both internally and externally, but wafer thin budgets, coupled with inadequate and under-trained manpower are clearly stopping them from doing so,” said Ajay Verma, Director—Channel and Alliances, Symantec India. “As information within Indian SMBs continues to grow, there will be enormous pressure on these organizations from their customers and partners to effectively and appropriately, secure and manage their information.”

Weak on information security

According to the survey, 61 percent of India SMBs were unaware of the present day IT security threats. While a majority of respondents are extremely concerned about basic security issues like virus attacks (73 percent), phishing scams (60 percent) and spam (64 percent), a large number of respondents did not consider data loss (68 percent), employee ignorance (70 percent), unauthorized network access (50 percent) and unencrypted laptops (61 percent) as major security threats.

While most respondents are concerned about virus attacks and are aware of the adverse effect that viruses have on their infrastructure, only half of them have an anti-virus solution in place. A mere 23 percent have plans to implement an anti-virus solution in the coming year.

Symantec’s recently released Internet Security Threat Report (ISTR) XIV points to the increasing levels of virus and worm attacks on Internet users in India. According to ISTR XIV, India had the highest occurrence worms and viruses within all of APJ. These malicious codes disabled security related processes, downloaded additional threats and steal confidential information—an indicator that basic security safeguards such as an anti-virus were amiss in Indian SMBs.

Though spam is a major concern, only 37 percent of the respondents for this survey have an anti-spam solution in place. This puts India at the bottom of the list in the APJ region for both anti-virus and anti-spam solution implementation.

With less than 20 percent of IT budgets being spent on security, Indian SMBs have the lowest deployment rate of security solutions across the APJ region. Countries such as Hong Kong, Australia, South Korea, and Japan spend an equivalent of almost 100 percent of their IT budgets on security.

Storage blues in Indian SMBs

Indian SMBs are slow to deploy effective storage solutions such as backup and archiving into their IT infrastructure. Here too the awareness of the benefits of such solutions exists, but they have been hardly implemented.

While 83 percent of the respondents polled know that a backup and recovery solution is critical to their organizations and 69 percent are aware of the need to archive data, only 44 percent have actually implemented a solution.

Solutions such as replication have been deployed by a low 19 percent of the respondents. Online storage too has found a few takers with only 28 percent of them using it. Data backup and archiving has seen reasonable implementation with 28 percent of the respondents having deployed the former, while the latter has a 36 percent acceptance.

While 72 percent respondents were aware of the need for a disaster recovery plan, only 37 percent Indian SMBs actually had one in place. Implementation of encryption software on removable storage devices was also deficient in Indian SMBs, with only 28 percent adoption.

Getting money’s worth

The survey shows that a majority of the respondents (60 percent) are willing to spend annually, an inconsequential amount of Rs 1,00,000 (approx $2000) on ensuring that their systems and information are protected. While it is encouraging to see that respondents see security as a concern area and are taking steps to protect their data, SMBs in India have mis-estimated the budget required to securitize their data.

However on a brighter note, the report states that over 57 percent respondents from India have plans to increase their IT security and storage spends in the next 12 months.

“To counter the budget constraint, we see some SMBs using pirated software, which actually compounds their woes as they struggle with regular software updates, patch management issues and growing malicious threats,” added Ajay Verma.

Additionally, challenges faced by the SMBs extend to having access to qualified, experienced and effective employees to ensure that the various solutions are in place and functioning. Almost 69 percent of the respondents have indicated that the security function is not separated from the IT function and is a dual responsibility on the same person.

No Comments so fars

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.