"Does Size Matter?"

2008-07-31

"Just because a business is small, it doesn't mean it's immune to security threats."

A new survey conducted by McAfee titled "Does Size Matter? The security challange of the SMB", reveals that small to medium size businesses do not feel targeted by cybercriminals. The survey included 500 companies with 2 - 1000 employees in the United States and in Canada. This survey's results were compared to last year's survey of the same nature conducted in Europe. The findings show that "SMBs on both sides of the border feel that they are too small to be of any value to cybercriminals, and most SMBs are confident that they are adequately protected by default settings on their IT equipment."

While these businesses do not feel at risk, 90 percent of the firms did admit that online access is very important to running their business. Darrell Rodenbaugh, senior vice president for McAfee's mid-market sector, stated, "What came out of this (report) was, not only are they a target, but that a lot of the cybercriminals would prefer to go after the small - and medium sized businesses, and one-in-three have said that if they had a serious attack, it would put them out of business."

The report reveals that one in five of the businesses that participated in the study have suffered an IT security attack, and a third of those businesses have suffered more than four IT security attacks. Jeff Wilson, Ifonetics Research, was quoted in the report saying, "Working on computers and accessing networked resources and the Internet are the life blood of modern business, and anything that blocks access to electronic resources is crippling. Small and medium businesses lose roughly half of their revenue annually to security downtime. At medium organizations, spyware alone is responsible for a major portion of downtime costs at 47 percent and small organizations aren't far behind at 40 percent of downtime costs. Server malware is also a big problem for both of these groups."

With downtime costs so high, McAfee studied the average time it took for these small to medium sized businesses to recover. The survey showed that 26 percent of the businesses in the United States and 36 percent of businesses in Canada took an entire week to recover. In a similar survey conducted in Europe, the percentage of businesses who had taken one week to recover from an attack are as follows:

The Netherlands:6% Italy: 15% United Kingdom: 18% Germany: 24% France: 28% Spain: 50%

The survey shows that most small to medium sized businesses simply feel that they do not have anything of value to cyber criminals, but Rick Jackson, director of North American small business at McAfee, states "Almost any small business, even the very small ones with less than five employees, will at the very least have some stored records of confidential customer and employee information that would be of use to a cyber criminal. Especially to commit crimes like identity theft."

The survey exposed some very interesting statistics regarding small to medium sized businesses and their feelings towards IT security.

35 percent said they are "not concerned" about being a target for cybercrime

52 percent don't think they are well known enough to be a target for cybercriminals

45 percent do not think they are a valuable target for cybercriminals

46 percent do not think they could make a cybercriminal any money

44 percent think cybercrime is an issue for larger companies

The survey has some very eye opening statistics, along with some guidelines and security suggestions for small to medium sized businesses. You can download the entire survey and find out some more interesting facts here.

"For businesses of all sizes, viruses, hacker intrusions, spyware and spam can lead to lost or stolen data, computer downtime, decreased productivity, compliance issues, lost sales and even loss of reputation. Just because a business is small, it doesn't mean it's immune to security threats." - McAffe 'Does Size Matter - The security challenge of the SMB'