|
According to research firm AMI Partners, there are about 6.4 million small and medium-sized businesses (SMBs, or companies with 1-999 employees) in the United States and 953,000 in Canada while in Europe there are 25 million small and medium sized businesses. These organizations are operating in an increasingly competitive environment and tough economic climate. They are becoming more and more reliant on the Internet to grow and succeed. For businesses of all sizes, viruses, hacker intrusions, spyware and spam can lead to lost or stolen data, computer downtime, decreased productivity, compliance issues, lost sales and even loss of reputation. Just because a business is small, it doesn’t mean it’s immune to security threats.
For this report, McAfee® surveyed 500 companies with 2-1000 employees in North America. The findings were then compared to the results of last year’s “Does Size Matter” report, which was conducted among 600 SMBs in Pan EMEA. Although SMBs are concerned about the danger of cybercrime, we were surprised to find that there is a predominant belief that SMBs on both sides of the border are too small to be of any value to cyber criminals, and most SMBs are confident that they are adequately protected by default settings on their IT equipment. This is a dangerous misconception and SMBs need to understand how best to protect their business. In conducting this study, we hoped to uncover what is stopping these SMBs from moving security up on their business priority list.
We realize that fighting malicious code, hacking, spam and fending off phishing (or even SMSishing, a type of phishing attack where mobile phone users receive text messages containing a Web site hyperlink, which, if clicked would download a Trojan horse to the mobile phone) attacks can tap into the valuable resources of a small business. Our survey found that on average SMBs have just one hour a week to dedicate to IT Security, which is why it’s important for a business to choose the right, easy-to-manage product.
Bearing this reliance on the Internet in mind, if a business does become a victim of a cyber crime attack, on average how long does it take a smaller business to recover? Our survey reveals it took a quarter of businesses (26 percent) an entire week to get their business back up and running from the most recent cyber attack.
Our message is that size doesn’t matter where ever you are. A smaller business is just as vulnerable as larger enterprises to attacks from cyber criminals. I hope you find this information useful, we believe effective security is a great enabler for businesses everywhere.
In comparison to larger organizations, attacks can be even more catastrophic as SMBs often don’t have the resources or funds to build contingency plans. If a resource goes down, a business often goes down with it. North America’s SMBs are leaving themselves open to attack due to time constraints. ‘Cyber criminals don’t discriminate and to them, size doesn’t matter,” Jeff Green, senior vice president of McAfee Avert Labs. ”In fact, high profile attacks are becoming less frequent because they are often detected more quickly, and attackers are favoring ‘stealth’ attacks that quietly infiltrate systems. Attackers often assume that smaller businesses will not have technology to identify their attacks and therefore regard them as easy-pickings.”
Coupled with the perception that SMBs are “easy pickings”, cyber criminals are increasingly turning their attention to technologies such as Voice over IP, (e.g. Skype), smartphone software (Blackberrys) and new virtual systems. These technologies are being progressively adopted by SMBs as they offer substantial cost-savings and flexibility, making SMBs even more likely to become targets. In addition, employees are using the Internet for social networking on the likes of Facebook and LinkedIn and the use of Instant Messenger is rapidly increasing; these technologies bring many advantages but also many more potential ‘doors’ through which cyber criminals can access information or infiltrate systems.
“Threats follow the money and we predict that the VOIP trend and the Web 2.0 phenomenon will continue to influence future threats,” added Green. “VOIP is a particularly attractive target, given criminals can look to target both voice and data networks at the same time.”
|
