SMBs’ awareness of IT security has been steadily rising recently but more needs to be addressed before they can be better secured.

Security, they say, is only as good as the weakest link. And in today’s pervasive world where information and communication technology is so prevalent, a weak link is the last thing a business needs to contend with.

So it comes as no surprise that there has been a rise in the awareness of IT security.

Driving this trend forward is the fact that cyber crimes today are no longer committed by a bunch of people out there in the online world motivated by notoriety, whose goal is to create chaos, establishing fame and bragging rights amongst their community.

Cybercriminals today are in fact extremely organised and, like any other organised crime syndicate, are driven solely by the profit motive. They have become so advanced in their approach that they are constantly seizing the opportunity to exploit the online world by any means necessary.

In a recent press briefing, Symantec Corporation, one of the biggest IT security firms, notes that small and mid-sized businesses (SMBs) are making the protection of their information their highest IT priority, as opposed to 15 months ago when a high percentage had failed to enact even the most basic safeguards.

These findings are based on its latest 2010 Global SMB Information Protection Survey and was culled from 2,152 SMB executives and IT decision makers in 28 countries globally. Symantec defines SMBs as companies with 10 to 499 employees.

In the survey, 1,000 of those respondents were taken from Asia Pacific and Japan, including China, Hong Kong, India, Japan, Korea, Malaysia, Singapore and Thailand.

This shift in priorities for SMBs is not surprising given that the increased threats from cyber attacks, lost devices and loss of confidential or proprietary data is estimated to cost the average SMB globally approximately US$51,000 a year to protect its information.

Concerns of SMBs in Malaysia

According to Nigel Tan, principal consultant for South Asia, Symantec, SMBs in Malaysia rank data loss (78%) and cyber attacks (55%) as their top business risks.

He says the top IT improvement areas for 2010 for SMBs in Malaysia are to enhance security (74%), enhance backup and recovery (72%), and improve computing performance (69%).

Another interesting point is that SMBs in Malaysia are forecast to increase their spending on information protection by an average of 18% in 2011.

This trend is very significant as SMBs are very sensitive to spending, especially in the area of IT security. But as the world becomes more interconnected, SMBs are moving away from merely e-mail and Web surfing and more into the realm of advanced services such as e-commerce, e-banking and e-procurement.

The Symantec survey also shows that IT security threats are very imminent to SMBs in Malaysia. For example, 76% of respondents surveyed saw cyber attacks in the past year, with 51% of the number of attacks stayed the same/increased over the last 12 months.

Cybercriminals typically go after customer and employee personal information, credit card/financial information and corporate data, noted Symantec. This leads to loss of revenue, damaged reputation, and loss of productivity.

These recent survey results clearly show that this trend is changing as SMBs are being forced to reckon with malicious cyber activity that may cripple their businesses because they are unprotected or at most protected minimally.

Research firm IDC notes that as SMBs continue to mature in their adoption and use of IT, their security needs are also evolving beyond merely blocking spam or preventing virus attacks.

As attacks become more complex as well as more malicious, SMBs are also finding that they need to seek a broader, more holistic approach to security to ensure their information is safe and secure.

And as their infrastructure grows, they find themselves needing to address the security of a multitude of endpoints that could potentially leave them vulnerable or to loss of data.

How to deal with it?

Symantec notes that as SMBs become more aware of the need to move beyond basic IT security, there needs to be greater awareness especially amongst employees.

Tan says that companies need to develop holistic Internet security guidelines and educate employees about Internet safety, security and the latest threats. Part of the training should focus on the importance of regularly changing passwords and protecting mobile devices, he notes.

I can’t agree more. No longer can businesses – tech-savvy or otherwise – say they’ve no clue about these kinds of issues, or that it’s too complicated for them to learn.

Because SMBs can no longer afford to be complacent about IT security and as Tan says, one data breach could mean financial ruin for an SMB. There is a need to implement a complete protection solution to ensure proprietary information – whether its credit card information, customer data or employee records – is safe.

Another thing that comes to mind is that all in the industry, particularly security players, government ministries and not-for-profit agencies, should come together and hatch better educational and awareness programmes for Joe Public.

SMBs must also look seriously into back up and recovery, and apply the appropriate solution to their businesses. As Symantec says, an effective backup and recovery plan protecting information is more than implementing an antivirus solution.

Backup and recovery is a critical component of complete information protection to keep SMBs’ desktops, servers and applications running smoothly in case of disruption – whether it’s a flood, an earthquake, a virus or a system failure.

But in doing so, vendors such as Symantec and the rest, have to ensure that the first goal on their agenda is to educate SMBs about the threats and traps hackers use without pushing their respective products and services onto would-be paranoid business users.

And while they are at it, they must do so in layman terms, minus all the jargon and intricacies that will inevitably scare techno-phobics away.

Then perhaps, the culture of addressing IT security will also improve, and with it, SMBs becoming more protected in this highly interconnected world.

One Response to “Tech Enterprise: Towards Better IT Security”

1. understanding-preexisting-conditions-and-medicare says:

   November 23, 2011 at 12:55 am

   Informative and precise…

   Its hard to find informative and precise info but here I noted…

   Log in to Reply