SMBs Still "Highly Vulnerable" To Cyber-Threats, Says Report
Limited Resources, IT Complexity, Inadequate Security Investments
Jul. 29, 2005 09:00 AM
"These studies demonstrate that SMBs need to better automate their security, backup and PC upgrade processes," said David Luft, senior vice president of SMB product development at CA, as Computer Associates announced today that small and medium businesses (SMBs) remain highly vulnerable to a variety of cyber-threats - resulting in unacceptable exposure to significant business risk.
"CA has responded to this urgent market need with solutions that allow SMBs to implement important risk-mitigating best practices despite their lack of in-house IT security manpower," Luft continued.
According to surveys of senior managers conducted for CA by Quocirca, Ltd. a leading independent business analyst organization, many SMBs do not have sufficient resources to implement proven security best practices - such as periodic security reviews, proactive patch management and/or appropriate testing of data backup and recovery systems.
Quocirca surveyed 240 senior managers from companies in the U.S. with less than 1000 employees and 200 senior managers from companies in four European countries with less than 300 employees.
Key findings of the studies include:
- SMBs have relatively limited resources with which to manage their increasingly dense and heterogeneous IT environments. About 25% of larger SMBs still rely on non-experts to manage IT. For small businesses and SOHO users, that number rises to about 50%. SMBs in the European countries surveyed had even fewer dedicated IT staff than their U.S. counterparts.
- The SMB IT environment is surprisingly complex. Despite their size, SMBs often wind up with a wide range of hardware and software resources. Older versions of Windows typically co-exist with newer ones -- and many larger SMBs use a combination of Windows, UNIX and Linux. This makes security management more difficult and time-consuming.
- Security and data protection processes are often managed manually -- and therefore frequently neglected. Only 25% of SMBs surveyed are using automated software to manage their backups. Approximately 20% have no backup capabilities at all. Of those backing up their servers, more than 30% have not checked their ability to recover files in more than a year.
- SMBs are slow to react to emerging threats. More than 75% of SMBs utilize a high-speed internet connection, yet more than 25% said they had not checked the security of their internet connection in at least a year. And while 80% deployed antivirus software, less than 50% have installed anti-spyware solutions -- leaving them open to a rapidly growing range of potentially destructive threats.
- Poor patch management leave many SMBs open to known security vulnerabilities. While many SMBs take advantage of Microsoft's automated updates, less than 30% use automated patch management software to ensure the safety of their non-Microsoft applications. In larger SMB environments, where the testing and central management of patches is even more crucial, only 40% are using automated patch management software.
"These studies reveal that while SMBs continue to embrace technology, a disturbing number lack the resources necessary to protect their IT assets in a sufficiently organized manner," said Bob Tarzey, service director at Quocirca Ltd. "SMBs need to make sure they have a comprehensive security and backup strategy in place for their increasingly business-critical computing infrastructure."
CA released the Quocirca studies in conjunction with the general availability of five attractively priced Protection Suites that fulfill the security, storage and data migration needs of SMBs. Offered in 17 languages, the Protection Suites also provide the simplified technology acquisition, deployment and ownership that are so important for under-resourced businesses. Additional information is available at http://ca.com/protectionsuites.