- Security TWENTY
- Women in Security Awards
Coinciding with Small Business Advice Week, the IT security product firm Kaspersky Lab brought out the results from their survey of very small businesses (VSBs) worldwide.
The survey found that despite an effective IT strategy being a vital component of any successful business, only 19 per cent of VSBs worldwide prioritise this as a top strategic concern (compared to 30 per cent of companies with over 100 employees and 35 per cent of enterprises). This often-neglected business category leaves businesses open to data breaches and hacks, according to Kaspersky Lab
The firm says that an effective IT strategy is a vital component of any successful business, and if managed properly, can enable a small business to accomplish big things. But the reality is that VSBs, which are often startups struggling to establish themselves, most often don’t have the money or IT expertise to properly implement vital IT components like security software. A new business owner will most likely pour all their resources into growing the sales of their core product or service, since investments in business infrastructure are meaningless if the business itself fails. But at what point should a VSB begin building an IT and security plan for the future, and what are the potential consequences if they wait too long?
According to IDC estimates, there are about 80 million businesses worldwide that operate with fewer than 10 employees. Many of these businesses adopt the ‘security by obscurity’ mentality, believing that they are too small to be targeted by cybercriminals and don’t have any data that cybercriminals would want. But Verizon’s 2013 Data Breach Investigations Report
Business owners must understand that as soon as they begin processing credit card payments, storing customer information, or even creating plans for new products, they possess information that is valuable to cybercriminals. In fact, some cybercriminals may prefer these ‘soft targets’ that are known to have poor IT protection. The resulting payoff for each victim attacked is smaller, but it can require less effort for the cybercriminal to attack numerous VSBs instead of a single larger business.
However, a key difference is larger businesses will have the funds to recover from an IT security incident, but costs of lost customer data, significant time spent offline, and associated clean-up expenses can add up to thousands of pounds depending on the type of incident, and be enough to drive a smaller business to bankruptcy.
According to Kaspersky Lab’s survey, VSBs understand the dangers of online threats. When asked about their top concerns associated with business IT, 35 per cent of VSBs ranked data protection among their top-three choices, the highest ranking amongst all business segments (26 per cent of medium-sized businesses and 29 per cent of enterprises did the same). For the same question, VSBs also ranked “Ensuring Continuity of Service for Business Critical Systems” as a top-three IT department concern at a rate comparable to larger businesses (only 2 per cent less than the total average). Clearly, VSBs are aware that their IT strategy plays a vital role in protecting sensitive data and keeping their daily business operations from being crippled by malware and cybercriminals.
Also, VSBs are well-informed about the benefits and security risks of using mobile devices within their businesses. 34 per cent of VSBs reported integrating mobile devices into their IT systems within the past 12 months, a rate of adoption that is nearly identical to larger businesses (32 per cent of large businesses, along with 35 per cent of enterprises). Moreover, VSBs are actually leading the charge in mobile device security awareness. 31 per cent of VSBs listed “Securing Mobile/Portable Computing Devices” as one of their top-three IT security priorities for the next 12 months. This number seems surprisingly high compared to the global average of 23 per cent of all businesses that have prioritised future mobile device security for the coming year. It seems this data disputes any claims that VSBs are less savvy about mobile device usage or mobile security risks than their larger competitors.
These findings show the IT firm says that low VSB prioritisation of IT strategy, and IT security, isn’t being caused by low awareness of important IT security issues. So what does cause it? A reasonable conclusion is that a lack of budget remains the biggest barrier preventing VSBs from adopting more advanced IT and IT Security measures. Therefore, Kaspersky Lab advises VSBs to invest in the security measures that will provide the most immediate benefit for the threats they commonly face. According to VSB survey respondents who reported losing business data from a cyberattack, 32 per cent reported malware as being the cause of their most serious incident, a rate that is double that was reported by enterprises (16 per cent). Another significant source of data loss for VSBs was traced back to software vulnerabilities, reported by 9 per cent of VSBs, a rate that is nearly the same as the 8 per cent global average citing this factor. This means software vulnerabilities are a security issue that affects businesses nearly equally, regardless of size.