McAfee: Many SMBs unprepared for online security threats

Too many SMBs think cybercrime is an issue for larger companies, McAfee says.

A surprisingly large number of small and midsize businesses appear to be either blissfully unaware of or uncaring about the online security threats they face, according to a survey conducted by security vendor McAfee.

In report about the telephone survey of officials from 500 U.S. and Canadian companies with fewer than 1,000 employees each, McAfee said that nearly 45 percent of the respondents didn't see their businesses as being valuable targets for cybercriminals, while more than half felt their organizations simply weren't well-known enough to attract the attention of attackers. About 35 percent admitted to not being concerned about cybercrime even though another 20 percent said their companies had been victimized by online crime, and almost one-third of the latter group said they had been attacked at least four times over the past three years.

Perhaps the most surprising finding was that nearly 20 percent of the surveyed companies said they had no security protections at all in place against online threats. Yet 90 percent said they relied heavily on the Internet for their business, noted Darrell Rodenbaugh, senior vice president of McAfee's midmarket business unit.

Many SMBs "think cybercrime is an issue for larger companies," Rodenbaugh said. "They think larger companies make better targets because that's where the money is." But the reality is quite the opposite, he added.

"Our information says that cybercriminals prefer smaller organizations because they are more easily attacked," Rodenbaugh said. That's because smaller companies often have far less manpower and financial resources to invest in IT security than their larger counterparts do.

On average, smaller companies employ just one to two full-time workers to handle all of their IT functions, according to Rodenbaugh. So it isn't surprising, he said, that many SMBs don't have anyone dedicated to information security, or that they devote at most an hour per week to security efforts. And often, companies that think they have sufficient protections really don't, Rodenbaugh said. For instance, roughly half of the respondents who felt their companies had adequate security controls told McAfee that they trusted the default settings on their IT equipment.

For the most part, McAfee's findings are an accurate reflection of attitudes toward IT security in the SMB market, said Adam Hils, an analyst at consulting firm Gartner. He agreed that many small and midsize companies which Gartner considers to be those with between 20 and 1,000 employees indeed don't think of themselves as likely targets of cyberattacks.

The situation is both the result of a lack of awareness and "a desire to not have to spend on security until you have to," Hils said. "It's easy to convince yourself of something if that's what you want to believe." But like Rodenbaugh, he said that in actuality, SMBs are more likely to be targets of cybercriminals because their systems increasingly are seen as being easier to break into than the ones at larger companies are.

Hils said that as a percentage of their IT budgets, SMBs do tend to spend more on security than larger companies do typically, 5 percent to 10 percent, as opposed to between 3 percent and 6 percent at bigger businesses. Even so, he added, the actual dollar amounts that small and midsize companies invest in security often aren't enough to keep them secure. "Most of the time, they're playing catch-up," Hils said.

According to Hils, SMBs usually spend most of their security budgets on antivirus and firewall tools, while focusing less on equally important technologies like intrusion detection and identity management systems. SMBs also tend to prefer working with just one or two security vendors, from which they expect products that address a wide range of threats, he said. That's one of the reasons why so-called unified threat management, or UTM, technologies have been gaining so much attention among midmarket companies.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jaikumar Vijayan

Computerworld

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?