Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/28/2009
12:04 AM
Fredric Paul
Fredric Paul
Commentary
50%
50%

SMB Security Provider Sees $1 Billion Markets Becoming $100 Million Markets

Walter Scott, CEO of Malta-based GFI Software, says that a combination of decreasing bandwidth costs and increasingly cost-conscious small and midsize companies are changing the security landscape.

Walter Scott, CEO of Malta-based GFI Software, says that a combination of decreasing bandwidth costs and increasingly cost-conscious small and midsize companies are changing the security landscape.The biggest issue, Scott says, is "how frugal the SMB is being." He cites a customer e-mail saying their bill was $9 too high. "They're really watching every buck," Scott says.

And as bandwidth is getting cheaper, that's putting a lot of pressure on service providers. "We've lowered prices 30% to 50%," Scott says, but so have his competitors. "Postini was $5 a mailbox. Now it's $2.50, and it could be as low as a buck" in some cases.

"As products move to a service structure, the price that people will pay for infrastructure is going to plummet," Scott says. And that means "a lot of $1 billion markets turning into $100 million markets."

From his perspective, though, this new frugality opens a market opportunity for GFI. If SMBs can no longer afford $400 for security software, "I have a shot at becoming the infrastructure company for SMBs," he says. Traditional software companies will no longer be able to spend 150% of new license revenue on sales and marketing.

"We're still growing and profitable as hell."

That doesn't mean SMBs don't have security needs, of course. Scott says the results of a new GFI security survey "scare the crap out of me." The survey shows that almost half of SMBs "really don't care about internal threats," and that even among companies who do have Web monitoring capabilities, "two-thirds don't even use it!"

GFI-filter How companies use Web monitoring.

The study revealed that 51% are concerned about Web-borne malware, but only 9% worry about internal threats -- although that percentage rises as company size increases.

GFIthreat What SMBs worry about.

This lack of concern is dangerous, Scott says. "My customer database is the most important asset I have," he explains, and warns that when things turn ugly in small companies, the strong personal relationships mean "there's a whole lot of emotion involved. And one employee lawsuit where you're not prepared can be a big deal for a small company."

Yet the study says 63% of SMBs don't have policies concerning storage and retention of e-mails -- indicating that e-mail compliance and e-discovery are not seen as big issues. Some 18% of SMBs are planning to institute these kinds of policies. On the other hand, 66 per cent of respondents do not have email retention rules (20% say they are planning to do so).

More than half of SMBs (58%) have formal policies restricting access to sensitive data (11% are considering developing such policies), but only 47%have formal policies categorizing company data by its sensitivity (14% are considering adding such policies).

Of course, the external threats are also real. Many SMBs believe that "I'm too small for someone to come after," Scott says,, but the bad guys are increasingly fishing for soft targets. In places like China and Belarus, he adds, hacking is becoming a matter of national pride. "They don't know what they're attacking," Scott says, "they're just looking for servers."

Fortunately, the survey indicates that SMBs do take security seriously. Some 21% of SMBs don't plan to target security spending even if they have to slash their IT budgets, compared to 9% who are more likely to cut security spending than other IT projects.

Download The Survey: The GFI Software SMB And IT Security Report

Not surprisingly, GFI used the release of the survey as hook for its own news: the purchase of Katharion's outsourced anti-spam and anti-virus e-mail filtering solutions. Scott said that in addition to adding Katharion's 8,000 customers to GFI's 50,000 roster, the acquisition adds new Software as a Service (SaaS) technology to the company's existing on-premise security offerings for SMBs.

GFI is counting on this hybrid approach to help it prosper amidst these shrinking markets while still taking care of companies that "like to hug their Exchange servers," Scott explains. For now, he claims it's working. "We're still growing, and still profitable as hell."

Follow Fredric Paul on Twitter @ http://twitter.com/TheFreditor Follow bMighty.com on Twitter @ http://twitter.com/bMighty Put a bMighty gadget on your iGoogle page Get bMighty on your mobile device

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25514
PUBLISHED: 2020-09-22
Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php.
CVE-2020-25515
PUBLISHED: 2020-09-22
Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books.
CVE-2020-14022
PUBLISHED: 2020-09-22
Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality (E.g. the "Application Star...
CVE-2020-14023
PUBLISHED: 2020-09-22
Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS.
CVE-2020-14024
PUBLISHED: 2020-09-22
Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configuration of addresses, (3) listname field in the Defining address lists configuratio...