CA survey finds SMBs remain highly vulnerable to a variety of cyber-threats

Computer Associates Africa has announced that, according to a recent survey, small and medium businesses (SMBs) remain highly vulnerable to a variety of cyber-threats resulting in unacceptable exposure to significant business risk.

According to surveys of senior managers conducted for CA by Quocirca, a leading independent business analyst organisation, many SMBs do not have sufficient resources to implement proven security best practices which include periodic security reviews, proactive patch management and/or appropriate testing of data backup and recovery systems.

Quocirca surveyed 240 senior managers from companies in the US with less than 1 000 employees and 200 senior managers from companies in four European countries with less than 300 employees.

Key findings of the studies include:

* SMBs have relatively limited resources with which to manage their increasingly dense and heterogeneous IT environments. About 25% of larger SMBs still rely on non-experts to manage IT. For small businesses and SOHO users, that number rises to about 50%. SMBs in the European countries surveyed had even fewer dedicated IT staff than their US counterparts.
* The SMB IT environment is surprisingly complex. Despite their size, SMBs often wind up with a wide range of hardware and software resources. Older versions of Windows typically co-exist with newer ones - and many larger SMBs use a combination of Windows, Unix and Linux. This makes security management more difficult and time-consuming.
* Security and data protection processes are often managed manually - and therefore frequently neglected. Only 25% of SMBs surveyed are using automated software to manage their backups. Approximately 20% have no backup capabilities at all. Of those backing up their servers, more than 30% have not checked their ability to recover files in more than a year.
* SMBs are slow to react to emerging threats. More than 75% of SMBs utilise a high-speed Internet connection, yet more than 25% said they had not checked the security of their Internet connection in at least a year. And while 80% deployed anti-virus software, less than 50% have installed anti-spyware solutions - leaving them open to a rapidly growing range of potentially destructive threats.
* Poor patch management leaves many SMBs open to known security vulnerabilities. While many SMBs take advantage of Microsoft`s automated updates, less than 30% use automated patch management software to ensure the safety of their non-Microsoft applications. In larger SMB environments, where the testing and central management of patches is even more crucial, only 40% are using automated patch management software. "It is clear that SMBs must start acting now; testing for an Internet connection from outside should, for example, be done on a regular basis. These tests allow you to determine if the firewall rules are applied according to the agreed practice," comments Karel Rode, business technologist at Computer Associates Africa. "Furthermore, automating patch management is no longer a labour-intensive task as freely available tools as well as automatic updates from the Windows Web site streamline this."

CA has released the Quocirca studies in conjunction with the general availability of five attractively priced Protection Suites that fulfil the security, storage and data migration needs of SMBs. Offered in 17 languages, the Protection Suites also provide the simplified technology acquisition, deployment and ownership that are so important for under-resourced businesses.

To access the Quocirca studies and a CA whitepaper entitled "The Threats You Face: Why Total Protection Matters," please visit http://ca.com/smb/bestpractices.