Small business with less than 25 employees, are the last to grasp IT and information security as an important strategic matter.
A new report from Kaspersky shows that while 30% of organizations with more than 100 employees and 35% with more than 5,000 employees take It and Information security as one of the two top strategic issues – only 19% of smaller business feel the same way.
“Effective IT strategy is important to the success of any business and when it’s run properly, it helps smaller business accomplish big goals. In truth though, the reality is that small business, some of them struggling start-ups, there is the lack of money or IT specialty to implement proper security”, stated the report.
It also suggested that “The owner of a new business will probably invest all of his/her resources on sales or services, since investing in business infrastructure is meaningless if the business itself is failing.”
Research company IDC also has some tell tale statistics on small businesses. It appears that most of the 80 small million businesses worldwide (with less than 10 employees), adopt a ‘security through anonymity’ stance, their reasoning being that they feel that they’re too small to be attacked by net criminals, and also not having any valuable information for such attackers.
However, a s report shows that over 30% of data leaks analyzed in 2013, took place in companies with less than 100 employees. That in mind, Kaspersky is safe in assuming that small businesses are indeed numbered high among the casualties.
But do small business comprehend the dangers lying in the internet? It seems that they do. When asked about their main IT concerns’, 35% of the small business, 26% of medium and 29% of large ones, rated information security in the top 3. The report said that “It is obvious that small business are aware that their IT strategy plays a crucial role in the protection of flowing business activity and sensitive information from attacks made by malicious code and net criminals.”
It also appears that business owners are aware to both the benefits and security problems of mobile devices in the business. 34% reported that they entered one into their business IT infrastructure during the last year, an implementing rate almost identical to those of bigger organizations. Moreover, small business are in the lead when it comes to awareness to mobile device security: 31% mentioned it as one of the top 3 priorities in their IT security for the coming year. This counts as a high rate compared with the world average – 23%.
31% reported that malicious code was the cause to serious events that led to loss of data due to cyber attacks. This is double the percentage of what big organization reported (16%). Another factor in loss of data in small business was ‘holes in the software’ – 9% reported that, on par with the global average of 8%. This means that this problem effects businesses the same way, whatever their size might be.
The Kaspersky researchers concluded by stating that “As soon as businesses begin processing credit card payments, storing customer information, or even creating plans for new products, they possess information that is valuable to cybercriminals. In fact, some cybercriminals may prefer these “soft targets” that are known to have poor IT protection. The resulting payoff for each victim attacked is smaller, but it can require less effort for the cybercriminal to successfully attack numerous small businesses instead of a single larger business. And then comes the key difference: larger businesses will have the funds to recover from an IT security incident, but costs of lost customer data, significant time spent offline, and associated clean-up expenses can add up to thousands of dollars depending on the type of incident, and be enough to drive smaller business to go down in flames.”