Publications
Partners
Cape Town – Very small businesses (VSBs) with fewer than 25 employees are the least likely to view IT strategy as a top strategic concern, according to a survey.
According to a Kaspersky Lab survey undertaken on businesses worldwide, only 19% of VSBs worldwide reported IT strategy as one of their top-two strategic concerns, compared to 30% of businesses with more than 100 employees, and 35% of enterprises with 5 000 employees or more.
These survey results, summarised in Kaspersky Lab’s 2014 IT Security Risks report, illustrate a key challenge for VSBs. An effective IT strategy is a vital component of any successful business, and if managed properly, can enable a small business to accomplish big things.
Many of small and very small businesses believe that they are too small to be targeted by cyber criminals and don’t have any data that cyber criminals would want. However, Verizon’s 2014 Data Breach Investigations Report, which includes data from worldwide forensic investigations, found that of the 621 data breaches analysed, more than 30% occurred at companies with 100 or fewer employees.
Graphs from the Verizon report:
“The trend for payment card theft is quite fascinating; it rises quickly to a peak in 2010, and then exhibits a negative slope. There’s an uptick in 2013, but it was still the first year in the history of this report where the majority of data breaches did not involve payment cards.”
As soon as companies begin processing credit card payments, storing customer information, or even creating plans for new products, they possess information that is valuable to cyber criminals. Some criminals may prefer these “soft targets” that are known to have poor IT protection.
According to Kaspersky Lab’s survey, VSBs understand the dangers of online threats. When asked about their top concerns associated with business IT, 35% of VSBs ranked “Data Protection” among their top-three choices. This shows a lot of VSBs are aware that their IT strategy plays a vital role in protecting sensitive data and keeping their daily business operations from being crippled by malware and cybercriminals.
Graph from the Kaspersky report:
Also, VSBs are well-informed about the benefits – and security risks – of using mobile devices within their businesses. 34% of VSBs reported integrating mobile devices into their IT systems within the past 12 months, a rate of adoption that is nearly identical to larger businesses.
Moreover, VSBs are actually leading the charge in mobile device security awareness. 31% of VSBs listed “securing mobile or portable computing devices” as one of their top-three IT security priorities for the next 12 months.
This number seems high compared to the global average of 23% of all businesses that have prioritised future mobile device security for the coming year. It seems this data disputes any claims that VSBs are less savvy about mobile device usage or mobile security risks than their larger competitors.
Lack of budget
These findings show that low VSB prioritisation of IT strategy, and by extension IT security, isn’t being caused by low awareness of important IT security issues. A reasonable conclusion is that a lack of budget remains the biggest barrier preventing VSBs from adopting more advanced IT and IT security measures.
The Kaspersky Lab said VSBs should invest in the security measures that will provide the most immediate benefit for the threats they commonly face.
According to VSB survey respondents who reported losing business data from a cyber-attack, 32% reported “malware” being the cause of their most serious incident, a rate that is double what was reported by enterprises (16%).
Another significant source of data loss for VSBs was traced back to “software vulnerabilities,” reported by 9% of VSBs, a rate that is nearly the same as the 8% global average citing this factor. This means software vulnerabilities are a security issue that affects businesses nearly equally, regardless of size.
Graph from the Kaspersky report:
Security advice
It is important to develop an appropriate security strategy, which should be individually tailored to the organisation and contain the following key elements:
- Risk assessment
- Development of appropriate policies and processes
- Emergency plan
- Creation of a team of employees responsible for ensuring adherence to these standards
- Implementation of security solutions for all devices that have access to corporate data
- Strategies for security updates which should be done regularly
- Strategies for sensitising employees to security matters
- Documentation of all measures.
According to a Kaspersky Lab survey undertaken on businesses worldwide, only 19% of VSBs worldwide reported IT strategy as one of their top-two strategic concerns, compared to 30% of businesses with more than 100 employees, and 35% of enterprises with 5 000 employees or more.
These survey results, summarised in Kaspersky Lab’s 2014 IT Security Risks report, illustrate a key challenge for VSBs. An effective IT strategy is a vital component of any successful business, and if managed properly, can enable a small business to accomplish big things.
Many of small and very small businesses believe that they are too small to be targeted by cyber criminals and don’t have any data that cyber criminals would want. However, Verizon’s 2014 Data Breach Investigations Report, which includes data from worldwide forensic investigations, found that of the 621 data breaches analysed, more than 30% occurred at companies with 100 or fewer employees.
Graphs from the Verizon report:
“The trend for payment card theft is quite fascinating; it rises quickly to a peak in 2010, and then exhibits a negative slope. There’s an uptick in 2013, but it was still the first year in the history of this report where the majority of data breaches did not involve payment cards.”
As soon as companies begin processing credit card payments, storing customer information, or even creating plans for new products, they possess information that is valuable to cyber criminals. Some criminals may prefer these “soft targets” that are known to have poor IT protection.
According to Kaspersky Lab’s survey, VSBs understand the dangers of online threats. When asked about their top concerns associated with business IT, 35% of VSBs ranked “Data Protection” among their top-three choices. This shows a lot of VSBs are aware that their IT strategy plays a vital role in protecting sensitive data and keeping their daily business operations from being crippled by malware and cybercriminals.
Graph from the Kaspersky report:
Also, VSBs are well-informed about the benefits – and security risks – of using mobile devices within their businesses. 34% of VSBs reported integrating mobile devices into their IT systems within the past 12 months, a rate of adoption that is nearly identical to larger businesses.
Moreover, VSBs are actually leading the charge in mobile device security awareness. 31% of VSBs listed “securing mobile or portable computing devices” as one of their top-three IT security priorities for the next 12 months.
This number seems high compared to the global average of 23% of all businesses that have prioritised future mobile device security for the coming year. It seems this data disputes any claims that VSBs are less savvy about mobile device usage or mobile security risks than their larger competitors.
Lack of budget
These findings show that low VSB prioritisation of IT strategy, and by extension IT security, isn’t being caused by low awareness of important IT security issues. A reasonable conclusion is that a lack of budget remains the biggest barrier preventing VSBs from adopting more advanced IT and IT security measures.
The Kaspersky Lab said VSBs should invest in the security measures that will provide the most immediate benefit for the threats they commonly face.
According to VSB survey respondents who reported losing business data from a cyber-attack, 32% reported “malware” being the cause of their most serious incident, a rate that is double what was reported by enterprises (16%).
Another significant source of data loss for VSBs was traced back to “software vulnerabilities,” reported by 9% of VSBs, a rate that is nearly the same as the 8% global average citing this factor. This means software vulnerabilities are a security issue that affects businesses nearly equally, regardless of size.
Graph from the Kaspersky report:
Security advice
It is important to develop an appropriate security strategy, which should be individually tailored to the organisation and contain the following key elements:
- Risk assessment
- Development of appropriate policies and processes
- Emergency plan
- Creation of a team of employees responsible for ensuring adherence to these standards
- Implementation of security solutions for all devices that have access to corporate data
- Strategies for security updates which should be done regularly
- Strategies for sensitising employees to security matters
- Documentation of all measures.
