According to a Kaspersky Lab survey of businesses worldwide, including the Gulf region, very small businesses (VSBs) with fewer than 25 employees are the least likely to view “IT Strategy” as a top strategic concern.
According to a Kaspersky Lab survey of businesses worldwide, including the Gulf region, very small businesses (VSBs) with fewer than 25 employees are the least likely to view “IT Strategy” as a top strategic concern. Only 19% of VSBs worldwide and 15% in the GCC reported IT Strategy as one of their top strategic concerns, compared to 30% (18% in the GCC) of businesses with more than 100 employees, and 35% (43% in the GCC) of enterprises with 5,000 employees or more. These survey results, summarized in Kaspersky Lab’s 2014 IT Security Risks report, illustrate a key challenge for VSBs. An effective IT strategy is a vital component of any successful business, and if managed properly, can enable a small business to accomplish big things.
Many of small and very small businesses believe that they are too small to be targeted by cybercriminals and don’t have any data that cybercriminals would want. But Verizon’s 2013 Data Breach Investigations Report, which includes data from worldwide forensic investigations, found that of the 621 data breaches analyzed, 193 breaches – more than 30% – occurred at companies with 100 or fewer employees[i]. As soon as companies begin processing credit card payments, storing customer information, or even creating plans for new products, they possess information that is valuable to cybercriminals. Some cybercriminals may prefer these “soft targets” that are known to have poor IT protection.
According to Kaspersky Lab’s survey, VSBs understand the dangers of online threats. When asked about their top concerns associated with business IT, 35% (25% in the GCC) of VSBs ranked “Data Protection” among their top choices, along with “Preventing IT security breaches”. This shows a lot of VSBs are aware that their IT strategy plays a vital role in protecting sensitive data and keeping their daily business operations from being crippled by malware and cybercriminals.
Also, VSBs are well-informed about the benefits – and security risks – of using mobile devices within their businesses. 34% of VSBs globally reported integrating mobile devices into their IT systems within the past 12 months, a rate of adoption that is nearly identical to larger businesses. These findings show that low VSB prioritization of IT strategy, and by extension IT security, isn’t being caused by low awareness of important IT security issues. A reasonable conclusion is that a lack of budget remains the biggest barrier preventing VSBs from adopting more advanced IT and IT Security measures. Therefore, Kaspersky Lab advises VSBs to invest in the security measures that will provide the most immediate benefit for the threats they commonly face.
According to VSB survey respondents around the world who reported losing business data from a cyberattack, 32% said “Malware” being the cause of their most serious incident, a rate that is double what was reported by enterprises (16%). Another significant source of data loss for VSBs was traced back to “Software Vulnerabilities,” reported by 9% of VSBs, a rate that is nearly the same as the 8% global average citing this factor. This means software vulnerabilities are a security issue that affects businesses nearly equally, regardless of size.
Security advice
With the above noted facts in mind, Kaspersky Lab recommends a comprehensive security solution as an investment VSBs should consider. For example Kaspersky Small Office Security, is built to include business-grade technologies in a form that doesn’t require IT expertise to operate, and includes the industry’s leading anti-malware engine, along with a software vulnerability scanner to identify any machines that could be exploited by cybercriminals. Kaspersky Small Office Security also includes both malware protection and anti-theft features for mobile devices, which VSBs are rapidly adopting, along with data encryption tools to ensure customer data is protected from theft or accidental deletion.
In addition, it is important to develop an appropriate security strategy, which should be individually tailored to the organisation and contain the following key elements:
- Risk assessment
- Development of appropriate policies and processes
- Emergency plan
- Creation of a team of employees responsible for ensuring adherence to these standards
- Implementation of security solutions for all devices that have access to corporate data
- Strategies for security updates which should be done regularly
- Strategies for sensitising employees to security matters
- Documentation of all measures.
You can learn more at Kaspersky Lab webpages: about Kaspersky Small Office Security and security for small and very small business.
[i]Verizon Communications Inc.'s forensic analysis unit
