The latest survey on SMB security familiarity and postures by security company Symantec shows that about half of smaller companies are familiar with the sorts of cyber-security threats we are all up against.
But at least half of them don't view themselves as targets, believing that dubious privilege is reserved for larger companies. This despite the fact that data from Symantec.cloud shows at least 40 percent of all targeted attacks aimed at the corporate world are focused on companies with fewer than 500 companies, compared with the 28 percent that are focused on large enterprises.
"SMBs have a good level of familiarity with threats, but do not see themselves as targets," said Anne O'Neill, senior director of SMB and .cloud for Symantec. "As a result, they are not putting the right safeguards in place."
The 2011 SMB Threat Awareness Poll, which covered the responses of approximately 1,900 small and midsize businesses that were surveyed by Applied Research, found that more than half of the companies were familiar with the most common sorts of security threats including distributed denial of service attacks, keystroke logging, targeted attacks, and the dangers of shortened URLs (is it ironic that I received one in order to share this information?) and using smartphones for business purposes. The chart below shows the percentages.
Source: Symantec 2011 SMB Threat Awareness Poll
What's the worst that could happen if a small business is attacked? A majority of respondents (54 percent) saw a lost of productivity as the most onerous result of a cyber attack. Only about one-third (36 percent) were worried about hackers gaining access to proprietary or protected information.
Perhaps the most troubling findings for me, however, was how little the survey respondents are doing about security. Yes, approximately two-thirds of them restrict log-in information, but the Symantec research shows that almost 63 percent of SMBs don't have any security on systems used for online banking. Approximately 40 percent of them don't have security software on all their desktop computers and almost half of them don't have security on their mail servers. What?
The problems over at Facebook, which suffered a coordinated spam attack this week, are just the latest high-profile examples of what happens when a business doesn't take all the precautions it should about security for email, Web sites, social networks and so on. It is also an indicator that what is safe today might not be safe tomorrow, as cyber-criminals become ever more savvy and sneaky in the way they attack businesses. No SMB can afford to ignore security in the current climate, and it isn't just productivity that will be negatively impacted.