While small and midsize businesses (SMBs) are now more aware about the need for IT security, they need to also realize that having only basic tools in place is no longer sufficient to battle cyber threats, note industry watchers.
A number of SMBs, with employees fewer than 500, that use security software grew about 4 percent in 2009 from 2008.
SMBs continue to mature in their adoption of the use of IT, their security needs are also evolving beyond merely blocking spam or preventing virus attacks.
As attacks become more complex as well as more malicious, SMBs are also finding that they need to seek a broader, more holistic approach to security to ensure their information is safe and secure.
According to IDC figures, the fastest growing product category was security and vulnerability management, which included software tools that create, monitor and enforce security policies, as well as determine the configuration, structure and attributes for a given device.
SMBs favor suite-based, end-to-end security solutions that provide a good scope of security capabilities at a lower cost because these suites are often easier to deploy and manage, they are suitable for smaller enterprises that have less in-house expertise.
Basic safeguards no longer sufficient
SMBs typically do not have the luxury of a dedicated IT team so security is not given the full attention it deserves.
Many SMBs use ‘checkbox’ security, such as ensuring only that antivirus and firewalls are installed. These methods are not enough to safeguard against today’s fast-evolving threat landscape.
Noting that malware threats and the security landscape have evolved dramatically over the past five years, he explained that simply deploying antimalware tools and firewalls is no longer enough to protect the dissolving network perimeter.
SMBs are more exposed to the “consumerization” of IT and are usually more willing to explore social networking and Web 2.0 tools to achieve cost savings and efficiency. This is largely also why IT security risks have a relatively stronger impact on SMBs, compared to larger enterprises.
The use of instant messaging and popular social networking sites such as Facebook and LinkedIn at the workplace, has also contributed to concerns over data flow as it increases the risk of inadvertent leakage of corporate information.
Organizations [therefore] not only require an integrated approach to cross-platform security, full-disk encryption and network access control, they also want to do it easily without upsetting the existing security infrastructure and incurring additional costs.
These come on the back of a recent survey by Symantec which noted that SMBs were placing data protection on a higher IT priority compared to 15 months ago, when a high percentage had failed to enact even the most basic safeguards.
It was also noted that 78 percent of SMBs Asia ranked data loss as their top business risk, while 55 percent pointed to cyber attacks.
The top IT improvement areas for 2010 for SMBs in Asia were to enhance security (74 percent), enhance backup and recovery (72 percent) and improve computing performance (69 percent).
Culled from its 2010 Global SMB Information Protection Survey conducted in May, Symantec polled 2,152 SMB executives and IT decision makers in 28 countries globally.
9 percent of Asian SMBs said they expect to see significant change in their data protection in the next 12 months and to increase spending on such tools by an average 18 percent in 2011.
Dealing with security
In order to improve awareness of IT security, SMBs are also recommended to develop holistic Internet security guidelines and educate employees in four key areas. “These areas comprise Internet safety, security and the latest threats, how to safeguard important business information and how to implement effective backup and recovery processes.
IT security within an organization and that of its systems, users and data, must be treated holistically as a single goal. To achieve this goal, it is suggested engaging a single provider that can cover all security requirements in a simple and unified manner.
A multifaceted approach is required here: awareness makes up one part of this, policy and ensuring compliance to policies is another adding that these should fused together with the right types of technology.