News

Small Companies Lax About Computer Security, Report Finds

Large companies are valuable targets for cyber criminals, but what about the small fry? Software security firm McAfee took a gauge of opinions, finding that some small and medium-size businesses don't seem that concerned about potential hacks. At least that's what its recent survey suggested.

The results were collected from telephone interviews of officials at small companies, which were defined as having less than 1,000 employees. McAfee surveyed at least 500 respondents at U.S. and Canadian firms.

The report said that 45 percent of those surveyed didn't think their enterprise environment was threatened by cybercriminals. What's more, at least 250 of the IT pros who picked up the horn and answered McAfee's survey questions believed their company didn't have the big brand name to attract hackers.

"For businesses of all sizes, viruses, hacker intrusions, spyware and spam can lead to lost or stolen data, computer downtime, decreased productivity, compliance issues, lost sales and even loss of reputation," stated Darrell Rodenbaugh, senior vice president of the mid-market segment at McAfee in a press release accompanying the report. "Just because a business is small does not mean it is immune to security threats."

The report added that 35 percent of respondents weren't even concerned about attacks, but about 34 percent said they'd been attacked at least four times in the past three years.

Defining Security
Every other week, month or quarter, the reports pile up, chronicling inside jobs, the proliferation of malware and a general apathy among many IT managers and staffers toward computer security. Critics of such reports might say that they come from vested interests that just publish alarming numbers to sell security solutions.

Not so, says Christian Phillips, head of security for the Regulus Group, a remittance and general business-process outsourcing company for several Fortune 500 companies. He added that many of these studies have demonstrated a noticeable pattern.

"Security is job one when you're defining a business strategy," Phillips said. "It's not just a reactionary tactic or something to get proactive about when there are threats, but a necessity."

When a peer company is attacked, it's an "issue." However, when your enterprise is attacked, it's a "problem," security experts say.

Threats of All Kinds
New threats emerge every day. Just last week, commercial air carriers Delta and Northwest warned customers about bogus e-mails posing as airline ticket invoices, which might contain malicious code, spyware and malware. The airline urged potential customers and anyone getting such spam to delete the messages without opening them.

Craig Schmugar, a researcher at McAfee, confirmed the threat in the software company's blog. The e-mails are said to look like authentic correspondence from the airlines and even provide a screen that looks like a log-in interface asking for a username and password. The message typically says that the user's credit card has been charged by an amount, usually in the $400 range. There is even an attachment claiming to be the invoice for the ticket and credit card charge.

With larger DNS threats in the offing, taking control of security measures makes sense, according to Andrew Storms, director of security at San Francisco-based nCircle.

"For those of us who breathe infosec everyday, it's a no brainer to devote resources into the remediation and risk reduction strategies surrounding threats," Storms said. "And it should be a no brainer to people in IT circles everywhere and outside of IT at the executive level."

If you have a computer and it processes critical information, "secure your network, period," Storms added.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.

  • Report: Security Initiatives Can't Keep Pace with Cloud, AI Boom

    The increasingly fast adoption of hybrid, multicloud, and AI systems is easily outgrowing existing security measures, according to a recent global survey by the Cloud Security Alliance (CSA) and exposure management firm Tenable.