Security, data loss ‘top concerns for SMBs’
Dubai, December 4, 2011
The majority of small and medium sized businesses (SMBs) in Egypt, Saudi Arabia and the UAE are not taking effective measures to secure and back-up their important information, nor are they setting aside a dedicated budget for IT, said a report.
“It is a major concern to find that while SMBs place significant importance on critical information such as financial records, customer databases and corporate data; yet they are taking very basic measures to back-up and secure that information,” said Johnny Karam, regional director for Mena, Symantec, which conducted the Small and Medium Business Information Management and Security Study in the Middle East in partnership with research company YouGov.
“Symantec’s latest intelligence report shows that the UAE and Saudi Arabia rank high for phishing and virus attacks, so we know the threats are real in this part of the world. Global trends also show that cybercriminals are more likely to target small businesses as they have more money than individual targets and far less security than large enterprises.”
The survey found that SMBs in Saudi Arabia, Egypt and UAE are spending up to $10,000 per annum on IT; with the 17 per cent majority spending in the range of $1,000 to $5,000.
Forty-five per cent of respondents in Egypt do not have a fixed annual budget for IT and are making purchase decisions as and when needed, the same is true for 45 per cent in UAE and 39 per cent in Saudi Arabia.
“The survey results tell us that a high percentage of SMBs are making purchase decisions for IT on a need basis, without threat assessment of their critical information, and without long term planning,” said Karam.
“It is likely these adhoc purchase decisions are being made to rectify issues only after they happen. SMBs would benefit greatly from a more strategic approach to IT. They could actually save money, given that the costs associated with a security breach or loss of data, loss of business and most importantly damage brand reputation,” he added.
In Egypt, data loss due to power failure was noted as the issue faced most frequently, while UAE and Saudi Arabia highlighted the inability to recover data from back-ups as the biggest problem. In addition, the research found that the frequency of back-ups was not optimum, with only one third of respondents backing up on a daily basis.
Only a quarter (26 per cent) of respondents claim they have never experienced an issue recovering data from their back-up, or faced loss of data due to power failure.
“The issues recovering data could be a result of a lack of understanding relating to backing-up of data,” commented Karam.
“The vast majority of SMBs we surveyed truly believe that by copying data to a CD, DVD or hard drive, they were backing-up that data. Considering the rate at which data is expected to grow this coming year, small business owners need to consider back-up and recovery solutions that ensures invaluable information – such as financial records, customer databases, employee data – is available and better protected.”
Between 57 and 72 per cent of respondents identified virus attacks as a key concern and between 44 and 63 per cent expressed concerns around external hacks. On average across the region, only 29 per cent claim they had never faced a known attack on their systems by a virus or malicious code.
Despite these concerns and the high incidence of issues being faced by SMBs, when asked what security measures were being taken against these attacks, only the very basic security protection is implemented.
Internet antivirus, automated antivirus checks, password protection for network access, firewalls and user authentication where the five most common IT security measures implemented across all three markets. More advanced security measures like authorization for downloads, encryption of sensitive data and archiving of information were not as commonly implemented by SMBs across the Middle East.
For example, fewer than 60 per cent of respondents encrypt sensitive documents. In addition, the survey shows that in Saudi and Egypt, less than half of the respondents are archiving data, 49 per cent in Saudi and 44 per cent in Egypt; while in UAE only 52 per cent are archiving their data.
Symantec recommendations for SMBs in the region:
Develop an IT strategy and budget: Consider the financial implications around a breach of information, data loss, virus or malware attack. Now consider the other implications, like loss of time or worse – loss of brand reputation.
SMB’s should regularly evaluate their security and data protection strategies in order to make more planned decisions. Handling IT on an ‘as needed’ basis could mean you end up spending far more than anticipated particularly when issues arise.
Select trusted solutions that fit your needs: There are several backup options for SMBs, whether it’s software, hardware or moving to the cloud. Small and medium businesses should start by finding a solution that best fits their needs and then consider, categorize and prioritize the data they need to backup and protect. It is important to know where data is, who needs to access it, who is accessing it and then consider a backup solution that can help protect that information.
Take action and protect your business: Cyberattacks are evolving and becoming more toxic and targeted; the threats are very real in the Middle East region. SMB’s need to assess their security situation, put a security strategy in place and implement security solutions that will offer them all-round intelligent security that goes beyond antivirus but also looks at antimalware. – TradeArabia News Service