Cybercriminals, hackers and malware. Just a few of the threats that mid-sized organisations across the world now worry about. As well as being a huge distraction from their day-to-day business these threats can have a real, tangible and detrimental effect on a company. The scale, diversity and volume of these threats increases each year—in 2009, for example, McAfee® Labs rated more than 27 million domains and found nearly 6% of them to be a risk, compared to 4% of the 9.9 million websites that were analysed in 2008 (source: McAfee Security Journal 2010). This explosion in risk creates even more pressure for mid-sized organisations that are struggling to grow their businesses against a background of competitive pressures and very slow recovery from worldwide financial turmoil.
This is the paradox for IT generalists in mid-sized organisations: enable the business to grow across new channels and create new ways to get business done whilst, at the same time, protect corporate assets and information with limited resources and budget. Threats up, budgets down—the “security paradox”, as it was named in last year’s report.
Not all the threats come from outside an organisation. In many instances it is previously trusted employees that steal customer information, financial data or product plans. Privileged access to internal data, coupled with a disenchanted member of staff, is a recipe for disaster and a tough problem to address. In the past attempts were often taken to suppress such wrongdoing, however, legislation and compliance oversight, coupled with social networking, requires these events be reported for all to see. Reputational damage is now a big issue.
This year, as last year, this report examines the security spending of mid-sized organisations (51–1,000 employees). It is recognised that the structure and capability of an organisation with 51 people is radically different to that of one employing 1,000 people but the key issue they face is the same addressing IT security threats as cost effectively as possible.
These threats are a reality. 83% said they were concerned or very concerned that their business could be the target of an intentional and malicious security attack. 51% had actually been attacked, 16% of which took over a week to recover. For an unfortunate 4% this recovery took a number of months, a significant dis- traction from running a mid-sized business. Data loss was the number one consequence of the attack.
It’s not all bad news.
IT security vendors continue to work hard to produce solutions to reduce the risk of damage to an organisation from cybercrime and hackers. By putting in place a well thought out and managed IT security solution, companies can significantly reduce their chances of suffering from an attack. This will enable the business to focus on its key objectives, such as developing new business areas during this critical financial recovery period.