Dark Reading is part of the Informa Tech Division of Informa PLC

8/27/2007
02:18 AM

Study: SMBs Overconfident in IT Security

According to Websense, SMBs fail to take adequate steps to reduce the risk of data loss from Web-based security threats

SAN DIEGO -- According to independent research released today by Websense, Inc. (NASDAQ: WBSN), small and medium-sized businesses (SMBs) fail to take adequate steps to reduce the risk of data loss from Web-based security threats. The SMB State of Security (SOS) survey of 450 IT managers and employees within the United States shows that while 46 percent of SMB IT managers say they have software to protect company confidential data, 81 percent do not use software to block the use of peer-to-peer applications, block USB devices (80 percent), control the use of instant messaging (76 percent), or stop spyware from sending out information to external sources (47 percent) – all growing vectors of confidential data loss.

Despite the risk of data loss, 20 percent of SMBs do not use Internet security software other than firewall and anti-virus products, as they mistakenly feel these are sufficient. Additionally, 12 percent of IT managers admit, while they have an Internet usage policy, they have no way of enforcing it.

The study also found that business-owned computers are left vulnerable to security threats for more than 21 days, on average, despite the daily updates promoted and offered by operating system and anti-virus vendors. In fact, only 4 percent of SMB employees have daily security updates on their work PC, while 11 percent of employees say the security software on their work PC has never been updated.

On the bright side, 94 percent of SMBs claim to have an Internet use policy in place, and 67 percent say that all companies should have equal levels of protection from Internet security threats, irrespective of their size.

2007 SMB State of Security Key Findings:

  • PREVENTING DATA LOSS: While 46 percent of IT managers say they have software to protect company confidential data, 81 percent of SMBs do not use software to block the use of peer-to-peer applications, block USB devices (80 percent), control the use of instant messaging (76 percent), or stop spyware from sending out information to external sources (47 percent).

  • RISKY BEHAVIOR: IT security managers say the top risks to their business include employees clicking on email links from unknown sources (74 percent), employees sending company email to the wrong address (53 percent), and employees accidentally or deliberately accessing adult Web sites (50 percent). Alarmingly, 73 percent of SMB employees admit to at least one of these high-risk activities with their work-owned computer, 54 percent admit more than one, while 27 percent admit three or more.

  • FALSE SENSE OF SECURITY: 99 percent of SMB IT managers feel their company is protected to some degree from exposure to Internet security threats. But only 22 percent say they feel 100 percent protected – meaning 78 percent do not. Additionally, 20 percent of SMBs do not use Internet security software other than firewall and anti-virus products, as they mistakenly feel these are sufficient.

  • WINDOW OF EXPOSURE: The average length of time that employees have continued to use their work PCs before security is updated is 21.2 days. Only 4 percent of employees have daily security updates on their work PC, while 11 percent have never updated security on their work PC. On a daily basis, Websense discovers Web sites that contain malicious code, numbering in the hundreds of thousands, that threaten vulnerable computers.

  • PROTECTION OVERCONFIDENCE: Confidence levels in IT security are high among SMB employees, with 41 percent confident that their IT department protects them from every Internet security threat. However, 45 percent say they have some level of protection but admit they are not sure what is protected. Another 12 percent of employees say they do not know if their work PC is protected.

“The Web continues to grow as the attack vector of choice for hackers, and SMBs need to realize that anti-virus and firewalls alone aren’t built for emerging Web-based threats,” said Steve Kelley, senior director of Product Management, Websense Inc. “For example, in February, Websense discovered an information-stealing keylogger on the Dolphin Stadium Web site just days before the Super Bowl was played there. Anti-virus vendors didn’t update their products until after the Super Bowl. To prevent data loss and protect against Web-based threats, SMBs need to reassess their security posture and take steps to stay ahead of hackers.”

Websense Inc. (Nasdaq: WBSN)
