Symantec Corp. (NASDAQ: SYMC) today announced its India findings from the Symantec 2009 SMB Security & Storage survey. The survey goes on to state that while there is a growing awareness among the SMB segment in the country towards the various threats to their data, deployment of relevant solutions to counter this threat has not matched up. Inadequate budget coupled with ineffective information security management at the operational level are stumbling blocks for most SMBs in the country.
This survey has covered verticals such as financial services, healthcare, telecommunications, manufacturing, retail, professional services, education, entertainment & recreation, business support services and real estate.
While SMBs in India are aware of the need to protect information (84 percent), protect the network (76 percent), protect the desktop (53 percent), protect the servers (81 percent), protect e-mail (67 percent), and backup & recovery of data (83 percent), the stark reality is that the awareness has not necessarily translated in users actively deploying solutions that effectively protect their corporate data.
“The survey shows that small and midsized businesses in India want to protect their information, both internally and externally, but wafer thin budgets, coupled with inadequate and undertrained manpower are clearly stopping them from doing so”, said Ajay Verma, director, Channel and Alliances, Symantec India . “As information within Indian SMBs continues to grow, there will be enormous pressure on these organizations from their customers and partners to effectively and appropriately, secure and manage their information.”
Weak on Information Security
According to the survey, 61 percent of India SMB’s were unaware of the present day IT security threats. While a majority of respondents are extremely concerned about basic security issues like virus attacks (73 percent), phishing scams (60 percent) and spam (64 percent), a large number of respondents did not consider data loss (68 percent), employee ignorance (70 percent), unauthorized network access (50 percent) and unencrypted laptops (61 percent) as major security threats.
While most respondents are concerned about virus attacks and are aware of the adverse effect that viruses have on their infrastructure, only half of them have an anti-virus solution in place. A mere 23 percent have plans to implement an anti-virus solution in the coming year. Symantec’s recently released Internet Security Threat Report (ISTR) XIV points to the increasing levels of virus and worm attacks on Internet users in India . According to ISTR XIV, India had the highest occurrence worms and viruses within all of APJ. These malicious codes disabled security related processes, downloaded additional threats and steal confidential information – an indicator that basic security safeguards such as an anti-virus were amiss in Indian SMBs.
Though spam is a major concern, only 37 percent of the respondents for this survey have an anti-spam solution in place. This puts India at the bottom of the list in the APJ region for both anti-virus and anti-spam solution implementation.
With less than 20 percent of IT budgets being spent on security, Indian SMBs have the lowest deployment rate of security solutions across the APJ region. Countries such as Hong Kong , Australia , South Korea , and Japan spend an equivalent of almost 100 percent of their IT budgets on security.
Storage blues in Indian SMBs
Indian SMBs are slow to deploy effective storage solutions such as backup and archiving into their IT infrastructure. Here too the awareness of the benefits of such solutions exists, but they have been hardly implemented.
While 83 percent of the respondents polled know that a backup and recovery solution is critical to their organizations and 69 percent are aware of the need to archive data, only 44 percent have actually implemented a solution.
Solutions such as replication have been deployed by a low 19 percent of the respondents. Online storage too has found a few takers with only 28 percent of them using it. Data backup and archiving has seen reasonable implementation with 28 percent of the respondents having deployed the former, while the latter has a 36 percent acceptance.
While 72 percent respondents were aware of the need for a disaster recovery plan, only 37 percent Indian SMBs actually had one in place. Implementation of encryption software on removable storage devices was also deficient in Indian SMBs, with only 28 percent adoption.
Bang for the Buck
The survey shows that a majority of the respondents (60 percent) are willing to spend annually, an inconsequential amount of Rs. 100,000/ (Approx. USD 2000) on ensuring that their systems and information are protected. While it is encouraging to see that respondents see security as a concern area and are taking steps to protect their data, SMBs in India have misestimated the budget required to securitize their data. However on a brighter note, the report states that over 57 percent respondents from India have plans to increase their IT security and storage spends in the next 12 months.
“To counter the budget constraint, we see some SMBs using pirated software, which actually compounds their woes as they struggle with regular software updates, patch management issues and growing malicious threats,” adds Ajay Verma.
Additionally, challenges faced by the SMBs extend to having access to qualified, experienced and effective employees to ensure that the various solutions are in place and functioning. Almost 69 percent of the respondents have indicated that the security function is not separated from the IT function and is a dual responsibility on the same person.
Recommendations for Small Businesses
Symantec encourages small businesses to employ defense-in-depth strategies for employees and other end users, including an integrated endpoint security solution and security patch updates. Antivirus definitions and intrusion prevention signatures must be updated regularly, and all desktops, laptops, and servers should also be updated with the necessary security patches from the operating system vendor. Consider deploying a personal firewall to help control network traffic to the endpoint device. Also, make sure to enable the security settings on Web browsers and disable file sharing. To ensure they have the latest protection, SMB’s should apply operating system and security software updates and patches as soon as they are released. In order to protect against successful exploitation of Web browser vulnerabilities, upgrade all browsers to the latest versions.
For any number of reasons – disaster, human error, hardware failure, etc. – your IT system could be brought down. It is critical to back up important data regularly and store extra copies of this data off site. Since tapes containing confidential customer or business data may be lost or stolen in transit, encrypting those backup stores is a good idea.
About the 2009 Security and Storage SMB Survey
Symantec’s Storage and Security in SMBs survey was conducted in February of 2009 by Applied Research. The study targeted 1,425 small and midsized sized businesses (10-500 employees) located in 17 countries around the globe. There were 75 respondents in India . Worldwide, the survey has a 95 per cent confidence level with a margin of error of 2.6 per cent.
