Symantec Researchers conducted this survey with 1,900 organizations worldwide by telephone in Sep,2011.
“Our research shows that SMBs are quite vulnerable to cyberattacks, and it’s more important than ever for them to take steps to keep their information safe,” said Steve Cullen, senior vice president of Worldwide Marketing for SMB and .Cloud for Symantec Corp. “Even with tight budgets and limited resources, simple changes such as education and best practices can significantly strengthen an SMB’s security approach to cyberattacks.”
Survey Highlights
- SMBs are familiar with security threats
The survey shows that more than half of SMBs are familiar with many different security threats to the business, including targeted attacks, keystroke logging, and the risks that come with using smartphones for company business. More than half (54 percent) stated that malware would cause a loss of productivity, and 36 percent recognized that hackers could gain access to proprietary information. In addition, respondents said a targeted attack would impact the business. Forty-six percent stated that a targeted attack would cause a revenue loss and 20 percent said it would drive customers away. - SMBs don’t see themselves as targets
Surprisingly, although SMBs know the dangers of cyberattacks, they don’t feel they are at risk. In fact, half of SMBs think that because they are a small company, they aren’t in danger – it’s primarily large enterprises that have to worry about attacks. This is in direct contrast to the evidence. According to data from Symantec.cloud, since the beginning of 2010, 40 percent of all targeted attacks have been directed at companies with fewer than 500 employees, compared to only 28 percent directed at large enterprises. - SMBs not taking action
Because SMBs don’t see themselves as targets, many of them are failing to take basic precautions to protect their information. While two-thirds restrict who has login information, a shocking 63 percent don’t secure machines used for online banking and 9 percent don’t take any additional precautions for online banking. More than half (61 percent) don’t use antivirus on all desktops, and 47 percent don’t use security on mail servers/services.
Recommendations from Symantec
In order to keep sensitive corporate information safe, there are several simple practices SMBs can follow to protect against cyberattacks.
- Educate employees: Develop Internet security guidelines and educate employees about Internet safety, security and the latest threats. Part of the training should focus on the importance of regularly changing passwords and protecting mobile devices.
- Assess your security status: SMBs are facing increased risks to their confidential information, so safeguarding data is critical. One data breach could mean financial ruin for an SMB. Know what you need to protect. It’s important to understand your risks and security gaps so that you can take steps to protect your information.
- Take action: Be proactive and develop a security plan. Consider items such as password policies, endpoint protection, the security of email and Web assets, and encryption. You should also evaluate whether on-premise or a hosted service would best suit the needs of your organization.
