McAfee: Many SMBs unprepared for online security threats

Too many SMBs think cybercrime is an issue for larger companies, McAfee says.

A surprisingly large number of small and midsize businesses appear to be either blissfully unaware of or uncaring about the online security threats they face, according to a survey conducted by security vendor McAfee.

In report about the telephone survey of officials from 500 U.S. and Canadian companies with fewer than 1,000 employees each, McAfee said that nearly 45 percent of the respondents didn't see their businesses as being valuable targets for cybercriminals, while more than half felt their organizations simply weren't well-known enough to attract the attention of attackers. About 35 percent admitted to not being concerned about cybercrime even though another 20 percent said their companies had been victimized by online crime, and almost one-third of the latter group said they had been attacked at least four times over the past three years.

Perhaps the most surprising finding was that nearly 20 percent of the surveyed companies said they had no security protections at all in place against online threats. Yet 90 percent said they relied heavily on the Internet for their business, noted Darrell Rodenbaugh, senior vice president of McAfee's midmarket business unit.

Many SMBs "think cybercrime is an issue for larger companies," Rodenbaugh said. "They think larger companies make better targets because that's where the money is." But the reality is quite the opposite, he added.

"Our information says that cybercriminals prefer smaller organizations because they are more easily attacked," Rodenbaugh said. That's because smaller companies often have far less manpower and financial resources to invest in IT security than their larger counterparts do.

On average, smaller companies employ just one to two full-time workers to handle all of their IT functions, according to Rodenbaugh. So it isn't surprising, he said, that many SMBs don't have anyone dedicated to information security, or that they devote at most an hour per week to security efforts. And often, companies that think they have sufficient protections really don't, Rodenbaugh said. For instance, roughly half of the respondents who felt their companies had adequate security controls told McAfee that they trusted the default settings on their IT equipment.

For the most part, McAfee's findings are an accurate reflection of attitudes toward IT security in the SMB market, said Adam Hils, an analyst at consulting firm Gartner. He agreed that many small and midsize companies which Gartner considers to be those with between 20 and 1,000 employees indeed don't think of themselves as likely targets of cyberattacks.

The situation is both the result of a lack of awareness and "a desire to not have to spend on security until you have to," Hils said. "It's easy to convince yourself of something if that's what you want to believe." But like Rodenbaugh, he said that in actuality, SMBs are more likely to be targets of cybercriminals because their systems increasingly are seen as being easier to break into than the ones at larger companies are.

Hils said that as a percentage of their IT budgets, SMBs do tend to spend more on security than larger companies do typically, 5 percent to 10 percent, as opposed to between 3 percent and 6 percent at bigger businesses. Even so, he added, the actual dollar amounts that small and midsize companies invest in security often aren't enough to keep them secure. "Most of the time, they're playing catch-up," Hils said.

According to Hils, SMBs usually spend most of their security budgets on antivirus and firewall tools, while focusing less on equally important technologies like intrusion detection and identity management systems. SMBs also tend to prefer working with just one or two security vendors, from which they expect products that address a wide range of threats, he said. That's one of the reasons why so-called unified threat management, or UTM, technologies have been gaining so much attention among midmarket companies.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jaikumar Vijayan

Computerworld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?