Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/28/2009
12:04 AM
Fredric Paul
Fredric Paul
Commentary
50%
50%

SMB Security Provider Sees $1 Billion Markets Becoming $100 Million Markets

Walter Scott, CEO of Malta-based GFI Software, says that a combination of decreasing bandwidth costs and increasingly cost-conscious small and midsize companies are changing the security landscape.

Walter Scott, CEO of Malta-based GFI Software, says that a combination of decreasing bandwidth costs and increasingly cost-conscious small and midsize companies are changing the security landscape.The biggest issue, Scott says, is "how frugal the SMB is being." He cites a customer e-mail saying their bill was $9 too high. "They're really watching every buck," Scott says.

And as bandwidth is getting cheaper, that's putting a lot of pressure on service providers. "We've lowered prices 30% to 50%," Scott says, but so have his competitors. "Postini was $5 a mailbox. Now it's $2.50, and it could be as low as a buck" in some cases.

"As products move to a service structure, the price that people will pay for infrastructure is going to plummet," Scott says. And that means "a lot of $1 billion markets turning into $100 million markets."

From his perspective, though, this new frugality opens a market opportunity for GFI. If SMBs can no longer afford $400 for security software, "I have a shot at becoming the infrastructure company for SMBs," he says. Traditional software companies will no longer be able to spend 150% of new license revenue on sales and marketing.

"We're still growing and profitable as hell."

That doesn't mean SMBs don't have security needs, of course. Scott says the results of a new GFI security survey "scare the crap out of me." The survey shows that almost half of SMBs "really don't care about internal threats," and that even among companies who do have Web monitoring capabilities, "two-thirds don't even use it!"

GFI-filter How companies use Web monitoring.

The study revealed that 51% are concerned about Web-borne malware, but only 9% worry about internal threats -- although that percentage rises as company size increases.

GFIthreat What SMBs worry about.

This lack of concern is dangerous, Scott says. "My customer database is the most important asset I have," he explains, and warns that when things turn ugly in small companies, the strong personal relationships mean "there's a whole lot of emotion involved. And one employee lawsuit where you're not prepared can be a big deal for a small company."

Yet the study says 63% of SMBs don't have policies concerning storage and retention of e-mails -- indicating that e-mail compliance and e-discovery are not seen as big issues. Some 18% of SMBs are planning to institute these kinds of policies. On the other hand, 66 per cent of respondents do not have email retention rules (20% say they are planning to do so).

More than half of SMBs (58%) have formal policies restricting access to sensitive data (11% are considering developing such policies), but only 47%have formal policies categorizing company data by its sensitivity (14% are considering adding such policies).

Of course, the external threats are also real. Many SMBs believe that "I'm too small for someone to come after," Scott says,, but the bad guys are increasingly fishing for soft targets. In places like China and Belarus, he adds, hacking is becoming a matter of national pride. "They don't know what they're attacking," Scott says, "they're just looking for servers."

Fortunately, the survey indicates that SMBs do take security seriously. Some 21% of SMBs don't plan to target security spending even if they have to slash their IT budgets, compared to 9% who are more likely to cut security spending than other IT projects.

Download The Survey: The GFI Software SMB And IT Security Report

Not surprisingly, GFI used the release of the survey as hook for its own news: the purchase of Katharion's outsourced anti-spam and anti-virus e-mail filtering solutions. Scott said that in addition to adding Katharion's 8,000 customers to GFI's 50,000 roster, the acquisition adds new Software as a Service (SaaS) technology to the company's existing on-premise security offerings for SMBs.

GFI is counting on this hybrid approach to help it prosper amidst these shrinking markets while still taking care of companies that "like to hug their Exchange servers," Scott explains. For now, he claims it's working. "We're still growing, and still profitable as hell."

Follow Fredric Paul on Twitter @ http://twitter.com/TheFreditor Follow bMighty.com on Twitter @ http://twitter.com/bMighty Put a bMighty gadget on your iGoogle page Get bMighty on your mobile device

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4662
PUBLISHED: 2020-08-14
IBM Event Streams 10.0.0 could allow an authenticated user to perform tasks to a schema due to improper authentication validation. IBM X-Force ID: 186233.
CVE-2019-20383
PUBLISHED: 2020-08-13
ABBYY network license server in ABBYY FineReader 15 before Release 4 (aka 15.0.112.2130) allows escalation of privileges by local users via manipulations involving files and using symbolic links.
CVE-2020-24348
PUBLISHED: 2020-08-13
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
CVE-2020-24349
PUBLISHED: 2020-08-13
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
CVE-2020-7360
PUBLISHED: 2020-08-13
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was r...