Do smaller businesses think they're immune to security threats?

Do small to midsize businesses (SMB) think they're somehow immune to security threats?

That's the impression you could get from the results of a Symantec global survey that asked 1,900 SMB professionals responsible for information technology what they know about security threats and how they prepare for them. While most SMB managers exhibited knowledge of threats such as keystroke logging, distributed denial of service attacks, website vulnerabilities and targeted attacks, exactly half indicated they need not be concerned about any of it. "We are a small business and are not targets for these types of attacks," they said.

"They're saying these things happen to other people, not them," said Kevin Haley, director of Symantec security response, who admitted he was somewhat surprised by some of the results of the "SMB Threat Awareness Poll," which defines the SMB as between 5 and 499 employees in size.

Symantec, which sponsored the poll conducted by Applied Research, wanted to get a sense of how SMBs across the world and in many industries -- financial, insurance, aviation, chemical, medical, information technology, energy and manufacturing -- viewed security and what steps they took to combat specific threats.

While their understanding of risks was apparent, the SMBs much of the time saw their organizations as somehow exempt from actual attacks, which they viewed as a problem mainly for big corporations. They didn't spend much time preparing for potential problems.

"Only 39% use antivirus on every desktop," Haley noted. "That's striking right there." He said malware, such as the banking Trojans used in cybercrime to compromise computers to make unauthorized funds transfers, is hitting smaller businesses. But SMBs see the news headlines that show the Stuxnet worm hitting nation states and hacktivist group Anonymous striking large companies, and they think, "That's not me, I don't need to worry about any of this." They also don't worry much about smartphones used in business being lost or stolen.

Other results of the survey show that only 67% of the SMBs bothered to establish login and password restrictions for online banking purposes, and 63% didn't lock down machines used in corporate banking.

SMBs vary widely in terms of the levels of expertise about security, Haley said, noting sometimes the individual in charge of security is also the person in charge of the phones. Sometimes it's the business owner running the IT operations and security.

The IT security industry in general has long been subject to hand-wringing over SMBs, fretting about how to build products specialized to suit smaller businesses sensitive to price points. Setting up hardware and day-to-day management have been particular barriers where IT departments may be small, too. But the tide may be starting to turn as cloud-based security services, which typically alleviate the need for on-premises equipment, become more ubiquitous. Indeed, Gartner last week predicted that SMBs would be a big contributor to the growth of the security services market over the next three years.
