Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

2/10/2011
02:11 PM
50%
50%

Security Costs SMBs 16 Days Per Month

Managing on-site security systems takes up more than 120 hours of IT staff time each month, according to Webroot.

Top 10 SMB Predictions for 2011
(click image for larger view)
Slideshow: Top 10 SMB Predictions For 2011

IT pros at small and midsize businesses (SMBs) spend 127 hours every month managing their on-premises security infrastructure, according to a new survey released by Webroot.

That equates roughly to 16 eight-hour workdays devoted to tasks such as updating software and hardware, reimaging infected machines, managing end-user policies, and installing patches. Software and hardware updates, for example, take up more than 18 hours of IT personnel's time each month.

While the study included larger companies, too -- its 820 respondents worked for firms with 100 to 5,000 employees -- Webroot chief technology officer Gerhard Eschelbeck said that the numbers were remarkably consistent across organizational size. In other words, SMBs are spending as much time as larger companies managing their on-site security -- only with fewer people and less money. That means security maintenance eats up a much larger slice of the resource pie at smaller firms.

"Smaller companies usually have less IT resources and less resources dedicated to security, so it certainly becomes a double whammy for those organizations," Eshelbeck said in an interview. "An organization with a 100 people, by design has a smaller IT department, security department, than an organization with 1,000 people. Clearly from that perspective, it hits them doubly hard."

While SMBs might make less likely bulls-eyes for targeted attacks, they deal with the same broader threat landscape -- such indiscriminately launched malware -- as big business and big government.

"The fact that they also are dealing with a similar amount of infections and time spent is clearly an indicator that smaller companies are impacted harder," Eshelbeck said.

The survey also found that mobile workers -- and the devices that keep them connected to the virtual office -- pose the fastest-growing concern for IT managers charged with keeping company networks secure. One in three respondents listed mobile devices, from laptops to tablets to smartphones, as their chief challenge in the year ahead. Data breaches and malware threats ranked second and third, respectively, as the top security challenges for 2011.

"Every mobile device is a potential access point for viruses, for any other piece of malware," Eshelbeck said. Mobile devices "really add a completely new vector for infection if they're always on and permanently connected outside of the corporate network."

Some 40% of respondents said they plan to implement a cloud-based security system in 2011 or 2012, listing reduced IT burdens, simplified maintenance, improved malware defenses, and mobile security among their top motivations. Webroot, of course, has a vested interest in these survey results: The company provides Web-based security services. The survey was conducted by a third party, the company said.

In Eshelbeck's view -- based on 20 years in security and 10 in Web-based software -- SMBs drove early growth of cloud-based security and other hosted software, but larger organizations are now bridging the gap.

"Clearly, the revolution started in the [SMB] segment," Eshelbeck said. "Over the years, it has also grown up to the larger organizations."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment:   It's a PEN test of our cloud security.
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3700
PUBLISHED: 2020-01-24
yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security switched to stronger defa...
CVE-2019-3699
PUBLISHED: 2020-01-24
UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3...
CVE-2019-3697
PUBLISHED: 2020-01-24
UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions.
CVE-2019-3694
PUBLISHED: 2020-01-24
A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. This issue affects: openSUSE Factory munin version 2.0.49-4.2 and prior versions. openSUSE Leap 15.1 munin version 2.0.40-lp151.1.1 a...
CVE-2019-3693
PUBLISHED: 2020-01-24
A symlink following vulnerability in the packaging of mailman in SUSE SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. Th...