Study Finds Small Businesses Increasingly Prone to Threats from Malware

Anthony Freed
By | November 05, 2012

Posted in: Network Security Trends

Think your company is just too small to be the target of criminal hackers? It's time to change your mindset. According to a recently released study, small to medium-sized businesses (SMBs) are more prone to breaches resulting from viruses, worms, spyware and other forms of malware. Researchers found that a staggering 63% of small businesses and 60% of medium-sized companies reported they were the victims of data loss from malware attacks in the last twelve months.

The Global IT Security Risks survey conducted by Kasperky Labs and B2B International cites the lack of robust IT security measures in the majority of SMBs as being the leading cause of this heightened risk in comparison to larger enterprises which tend to grapple more with threats from advanced persistent threats involving phishing expeditions, corporate espionage targeting intellectual property, and distributed denial of service (DDoS) attacks.

The survey also revealed that many SMBs do not take a proactive approach to securing sensitive networks, with 15% of medium-sized companies and 19% of small businesses surveyed confirming that the focus on cybersecurity usually occurs only after a breach event has taken place.

"Small business suffers from two issues: One is the 'It can't happen to us' syndrome thinking only big data is at risk, and the second is from a lack of resources and proper action. The necessary resources to prevent attacks today is a big problem for small business. The victims of these crimes are often left wondering what happened, and many don’t even recognize they have become victims of a crime," security and fraud expert Robert Siciliano told Security Bistro.

The study also notes that larger companies typically have a higher level of awareness and IT security competency in general, with about half of respondents in that category employing licensed security solutions while 58% of medium-sized companies and 70% of small businesses operate under the assumption that unlicensed products will guarantee the same levels of protection against threats posed by malware, though these products may not be as up-to-date where emerging threats and new virus variants are concerned.

"As always with malware, there are many ways in which the victims are infected. Recently drive-by downloads have also played a big role, in particular users of some streaming video portals have been hit—though likely by compromised ads, not by the portals themselves," Siciliano explained.

The study also identified access control issues and a lack of adequate policies and procedures governing the use of personal devices as being key to threat exposure, with one-third of companies surveyed indicating they allow employees full access to corporate networks while less than 10% have any plans to implement restrictions. One in ten indicated they experienced a data loss event stemming from the loss of a mobile device.

The Global IT Security Risks survey was conducted in July of this year with data received from 3,300 company security professionals in over 20 countries, and demonstrates that SMBs have a long way to go in changing the status quo mindsets that undermine IT security efforts.

The full Global IT Security Risks report can be downloaded at no cost here.

You May Also Be Interested In: