All About Securing SMB Data

The increasing annoyance of web threats has alarmed organizations towards implementing more comprehensive, preventive security solutions. As far as security environment of SMBs are concerned they are now no longer different from their large enterprise counterparts. The time has come for the Indian SMBs to frame a strong security policy.

The explosive growth of the SMB sector is driving the ultimate growth of the Indian economy. The increase in mobile workers and the growth of internet have compelled the SMBs to embrace IT. With the advent of broadband at competitive prices, the threat of viruses and spam has escalated. In a global perspective in the cyber space, threats are common for an SMB user or a corporate user. What matters is how critical the data is and how secured it needs to be. Till recently Indian SMBs focused on deploying basic stand alone security solutions. But as businesses progress towards deploying firewalls, VPNs and IDS, managed security services will offer the twin benefits of convenience and cost-effectiveness.

As per a recent survey by AMI Partners, Indian SMBs are expected to spend near about $161 million on beefing up their IT security solutions this year. This is a whopping up of 41% over last year. This investment may be contributed to the growth of usage in the internet as well as strict rules to follow regulatory compliance standards. According to the survey, almost 50 percent of India's MBs (100-999 staff) and 36 percent of SBs (1-99 staff) have experienced malware attacks and hard drive failures over the past 12 months, emphasizing the need for better security protection.

Security Scenario at SMBs

According to IDC, there are about 10 million organizations that can be classified as SMBs. These organizations spend about Rs 3,400 crores on IT products and services. In a recent IDC market analysis report titled ‘Worldwide Antivirus 2004-2008’, 31% respondents indicated Viruses, Trojans and malicious code as the greatest threat to their businesses along with Spyware which is ranked as amongst the top four threats for SMBs today. Majority of small businesses are using pirated software which makes them vulnerable to a virus attack. Because small businesses do not update their systems with the latest patches, it makes them a soft target for attacks. Small companies have small networks, which can be managed efficiently by the internal IT teams of these organisations. Opines Ajay Verma, director, Channel and Alliances, Symantec India, “Right now, we're seeing an increase in phishing, spam, bot networks, Trojans, and zero-day threats, and more malicious code being created to target specific organizations for information that can be used for financial gain. We're also seeing an increase in data theft and data leakage.”

Indian SMB’s are looking at an integrated security box that meets the complete security requirement and they are looking beyond the price tag and giving weight-age to hassle free solutions. Informs Niraj Kaushik, country manager, Trend Micro, “Many growing businesses benefit from the ability to focus and execute at a fast pace, but often suffer from lack of IT resources. This can pose a serious challenge for smaller businesses that need to broaden their security strategy. Enterprise antivirus and anti-spam products, designed for companies with extensive IT resources, are too expensive and unwieldy for smaller organizations to manage. Rather than struggling with cumbersome point products created for large corporate networks, small and medium-sized businesses deserve a practical solution tailored to fit their distinct security and spam-fighting needs.”

Need for a Strong Security Policy

Moreover, one of the biggest mistakes SMBs make is assuming that since they're small, hackers won't be interested in them. Unfortunately, just the opposite is true. SMB servers and home users are, in many cases, now the preferred targets of choice for attackers for the installation of bots, spam zombies and phishing web sites, namely because they're easy targets. After all, information in SMB databases is often just as valuable to an attacker as that contained on an enterprise database, as any user, system or personally identifiable information can be sold or used for identity theft. And, since large companies have more resources, they're getting smarter and their systems have become a lot harder to penetrate.

Near about 61% do not have a security policy in place. Among those companies that do have a security policy, they are largely in the BFSI and the chemical segments, where CEOs are involved in formulating the security policy. Ajit Pathak, country manager, Sales Operation, SecureSynergy expresses, “Security policy should be framed as per the business objectives of the organization. All 3 P`s are important People, Process and Products. People are still the weakest link; ongoing information security training and periodic security audits can build a strong security framework.” He further added that lack of qualified security professionals managing IT infrastructure and adding to the fact is, the dynamics in security technologies keep on changing which looks adequate today but becomes obsolete tomorrow.

The SMBs need to have a security policy that not only identifies the key assets that need to be secured, but which assets will be extended to whom. For example, their security policy should include things like installing and updating antivirus software, installing a firewall, checking for encryption and authentication, creating strong passwords, and updating Web browsers. Says Verma, “The purpose of the policy is to guide users in knowing what is allowed and to guide administrators and managers in making choices about system configuration and use. And, by going through the process of creating a security policy, SMBs will be able to establish specific security goals and a plan for tackling them.” Security plans are to be carefully developed and the associated processes to be analyzed properly.