SMBs Getting Hammered by New Threats

A new study shows that small and medium businesses (SMBs) are fighting a difficult battle against phishing and spyware.

”Small and medium businesses have less access to expertise,” says Bob Hansmann, a senior manager for Trend Micro, Inc., a security company based in Tokyo and with U.S. headquarters in Cuptertino, Calif. ”The more access you have to expert advice, the better prepared you are. Otherwise, you’re left with a situation where someone in the company reads up on the issue and runs with the first solution he comes across so he can move on to the next problem.”

The study, conducted by Trend Micro, clearly shows that organizations lacking IT departments are experiencing increasing problems with security threats &#151 from spam to spyware to phishing. Thirty-eight percent of United States respondents from small- and medium-sized businesses that have IT support said they had contacted IT about a security concern or breach within the past three months. In Japan, that number is 30 percent and in Germany it’s 44 percent.

The findings spotlight the challenge smaller organizations face in scaling IT resources to provide technical advice, conduct system scans, clean machines manually, deploy patches and security policies and educate staff in order to ensure a secure working environment, according to Trend Micro analysts.

Hansmann says the study also shows that 46 percent of small- and medium-business customers reported having problems with spyware, while only 35 percent of enterprise customers reported the same. Hansmann also notes that these numbers closely correlate with the statistics that show that 54 percent of small- and medium-sized businesses have an IT staff, while 91 percent of enterprise customers have their own staffs.

But Hansmann says there’s another aspect to spyware and phishing that is making the threats harder to deal with.

”It’s the newness of the problem,” he explains. ”These are emerging threats. The old problems &#151 like viruses and even spam &#151 have been around for a while. Phishing and spyware are only about a year old, and that contributes to the expertise problem. The problems are new. The solutions are new. They don’t have in-house experts.”

Adapted from esecurityplanet.com.