On the heels of a recent Symantec study showing that most SMBs do not implement basic security measures is another report that confirms the poor state of computer security in small and medium-sized businesses.
According to this new security report by Panda Security, a survey of 5,760 SMBs from around the world showed that 55 percent of respondents have been recently infected by Internet threats. Companies in the United States fared slightly better, with 44 percent of the more than 1,400 U.S. respondents having been infected. But 10 percent of the SMBs in the U.S. were affected to the point that they had to stop production in order to remedy it.
I'm not going to regurgitate the details of the survey here, but let's just say that all the usual excuses are present. For one, sizeable percentages of the polled SMBs say they do not have basic defenses for spam, anti-spyware software, or even firewalls in place. The cited reasons for this sad state of affairs range from cost to a perception that they are not necessary.
I feel that the heart of the matter has to do with the need for a paradigm shift in the way SMBs treat security. For example, consider the fact that most SMBs are familiar with the need for an Uninterrupted Power Supply (UPS) to protect against blackouts or brownouts. As you can imagine, few organizations will skimp on the purchase of UPS hardware, especially when it comes to mission-critical servers.
By the same token, SMBs must understand that times have changed and security can no longer be considered as "another" cost center or unwarranted strain on the budget. While there was certainly a time when a basic firewall was more than adequate protection, this is no longer true.
Today, the baseline requirement to maintain a basic level of security for corporate networks might range from application-aware firewalls, overlapping layers of antivirus or antimalware protection, or even proactive monitoring of the network against new threats. And these obviously come on top of basic business continuity and disaster recovery plans.
In conclusion, it is high time for SMBs to drop their excuses for shoddy security. After all, you never let the need or cost arguments convince you to get an automobile without any seatbelts or airbags, did you?