Why Information Security Should Be A SMB Priority


Consider Readjusting Your IT Budget To Focus On Security For Your Business

Pop quiz time!

How much of your organization’s IT budget is dedicated to info security? Is it 25%, 20% or closer to 10%?

According to Gartner, the number is likely below 5%. Think about that for a moment. Businesses spend 95% of their IT budgets on building cool networks and streamlined workflows to help improve the bottom line, but they are not investing enough in protecting those same systems from cyber threats. Why does security spending in general comprise such a small part of the overall budget?

For starters, it is difficult to quantify the return on investment (ROI) for a system that does not improve workflow or the financial bottom line. But if data is your most valuable asset, then a compromise of that data can severely impact your company’s bottom line.

Large enterprises with a bigger pool of resources at their fingertips can more easily rebound after a successful attack than a small- to medium-sized business (SMB) that doesn’t have a security expert on staff. This is why it’s important to be proactive with security rather than scramble to get back online following an outage.

The biggest challenge is overcoming the mindset of many SMBs that think “it will never happen to us.” Case in point: distributed denial-of-service (DDoS) attacks have taken a bigger share of the media spotlight recently. Since these reports have largely focused on high-profile events driven by political “hacktivists,” it’s no surprise that many SMBs think they’re too small to be noticed or targeted.

However, in its 2013 Mid-Year Threat Report, the NSFOCUS research team observed 168,459 separate DDoS incidents in the first half of the year alone. That’s 1.29 DDoS attacks occurring worldwide every two minutes on average.

We see the same trend in other threat types as well; the high-profile attacks get all the press, but the actual numbers point to broader activity. Thus, the question becomes not if, but when you will be a victim of an attack.

For SMBs, security often falls on the shoulders of two primary groups: the service providers they’ve commissioned, and individual employees. It’s important to know exactly what kind of security capabilities your providers offer and what you have contracted.

Your security policies should be adaptable to the new realities of modern business, such as the cloud and mobile devices, and should include employee education, training, and accountability. These changes are reshaping the IT landscape, which is changing at its most rapid pace since the advent of the personal computer.

Sticking with the basics is never sufficient. Hackers evolve right along with the security industry, and we always have to stay one step ahead. The methods they use to launch attacks have become easier and more accessible. Companies that get out ahead of the trends and adapt their security to meet these changes will be the most secure, and thus the most successful.
