10/16/2012
03:57 PM
Dark Reading

New Survey Shows Small Biz Owners Still Not Concerned About Cybersecurity

Findings revealed disparities between online safety perceptions and actual practices

WASHINGTON and MOUNTAIN VIEW, Calif. – October 15, 2012 – U.S. small business owners or operators have a false sense of cybersecurity as more than three-fourths (77 percent) say their company is safe from cyber threats such as hackers, viruses, malware or a cybersecurity breach, yet 83% have no formal cybersecurity plan. These findings are from a new survey released today of 1,015 U.S. small- and medium-sized businesses (SMBs) by the National Cyber Security Alliance (NCSA) and Symantec. (The full survey is available at: http://www.staysafeonline.org/stay-safe-online/resources/)

This annual survey is being released in conjunction with National Cyber Security Awareness Month, a coordinated national effort focused on improving online safety and security for all Americans. The survey findings reveal some disparities such as the need for establishing Internet security policies and practices, handling and responding to data breaches, and providing consistent IT/security management at their businesses. Although SMBs increasingly rely on the Internet for daily operations, they are not taking the necessary measures to keep their businesses safe and secure:

· A Majority of SMBs Believe Security Is Critical to Their Success and Brand: Seventy-three percent of SMBs say a safe and trusted Internet is critical to their success, and 77% say a strong cybersecurity and online safety posture is good for their company's brand.

· SMBs Unprepared to Handle Data Breach Losses: Nearly six out of 10 (59 percent) SMBs do not have a contingency plan outlining procedures for responding to and reporting data breach losses.

· Two-thirds of SMBs Aren't Concerned About Cyber Threats: Sixty-six percent of SMBs are not concerned about cyber threats – either external or internal. External threats include a hacker or cyber-criminal stealing data while internal threats include an employee, ex-employee, or contractor/consultant stealing data.

"We want U.S. small businesses to understand they cannot completely remain safe from cyber threats if they do not take the necessary precautions," said Michael Kaiser, executive director of the National Cyber Security Alliance. "A data breach or hacking incident can really harm SMBs and unfortunately lead to a lack of trust from consumers, partners and suppliers. Small businesses must make plans to protect their businesses from cyber threats and help employees stay safe online."

"It's terrifying that the majority of U.S. small businesses believe their information is protected, yet so many do not have the required policies or protection in place to remain safe," said Brian Burch, vice president of Americas Marketing for SMB, at Symantec. "Almost 40% of the over 1 billion cyberattacks Symantec prevented in the first three months of 2012 targeted companies with less than 500 employees. And for the small, poorly protected companies that suffer an attack, it's often fatal to their business."

Additional survey findings revealed the disparities between online safety perceptions and actual practices, which include:

· Employee Internet Security Policies, Procedures Lacking for SMBs: Eighty-seven percent of SMBs do not have a formal written Internet security policy for employees, while 69% do not even have an informal Internet security policy. While social media is an increasingly popular vector for phishing attacks, 70% of SMBs do not have policies for employee social media use.

· SMBs Satisfied with their Online Safety Posture Despite Lack of Policies/Plans: Eighty-six percent of SMBs say they are satisfied with the amount of security they provide to protect customer or employee data. Additionally, 83% strongly or somewhat agree that they are doing enough or making enough investments to protect customer data. Yet, Visa Inc. reports small businesses represent more than 90% of the payment data breaches reported to the company.

On a positive note, companies born of the recession are leading by example. Companies born since 2008 are almost 20% more likely than older small businesses to have a written plan in place for keeping their business secure from cyber threats.

Small businesses can improve their online safety practices in a number of areas, especially when it comes to establishing policies and protocols for safe Internet use, with these simple ways to stay safe online:

· Know what you need to protect: One data breach could mean financial ruin for an SMB. Look at where your information is being stored and used, and protect those areas accordingly.

· Enforce strong password policies: Passwords with eight characters or more that use a combination of letters, numbers and symbols (e.g., # $ % ! ?) will help protect your data.

· Map out a disaster preparedness plan today: Don't wait until it's too late. Identify your critical resources, use appropriate security and backup solutions to archive important files, and test frequently.

· Encrypt confidential information: Implement encryption technologies on desktops, laptops and removable media to protect your confidential information from unauthorized access, providing strong security for intellectual property, customer and partner data.

· Use a reliable security solution: Today's solutions do more than just prevent viruses and spam; they scan files regularly for unusual changes in file size, programs that match known malware, suspicious e-mail attachments and other warning signs. It's the most important step to protect your information.

· Protect Information Completely: It's more important than ever to back up your business information. Combine backup solutions with a robust security offering to protect your business from all forms of data loss.

· Stay up to date: A security solution is only as good as the frequency with which it is updated. New viruses, worms, Trojan horses and other malware are born daily, and variations of them can slip by software that is not current.

· Educate employees: Develop Internet security guidelines and educate employees about Internet safety, security and the latest threats, as well as what to do if they misplace information or suspect malware on their machine.

For additional information on how to prevent cybercrime before it happens, check out the STOP. THINK. CONNECT. Campaign at http://stopthinkconnect.org/tips-and-advice/. NCSAM supporters can get the latest news and updates on Facebook at www.facebook.com/staysafeonline and on Twitter at @StaySafeOnline. The official Twitter hashtag of NCSAM is #ncsam. The National Cyber Security Awareness Month Web Portal is also available at: http://www.staysafeonline.org/ncsam/ and a calendar of additional NCSAM events can be found at: http://staysafeonline.org/ncsam/events.

Survey Methodology

JZ Analytics conducted the small business survey from September 27–29, 2012. The survey firm, founded by John Zogby, surveyed 1,015 U.S. small businesses (fewer than 250 employees) across the United States. The margin of error is +/- 3.1 percentage points, and margins of error are higher in sub-groups. The full study and a fact sheet are available at: http://www.staysafeonline.org/stay-safe-online/resources/.

About The National Cyber Security Alliance

The National Cyber Security Alliance is a non-profit organization. Through collaboration with the government, corporate, non-profit and academic sectors, the mission of the NCSA is to educate and empower a digital citizenry to use the Internet securely and safely, protecting themselves, the technology they use and the digital assets we all share. NCSA board members include: ADP, AT&T, Bank of America, EMC Corporation, ESET, Facebook, Google, Intel, McAfee, Microsoft, PayPal, Science Applications International Corporation (SAIC), Symantec, Trend Micro, Verizon and Visa. Visit www.staysafeonline.org for more information and join us on Facebook at www.facebook.com/staysafeonline.

About Symantec

Symantec protects the world's information, and is a global leader in security, backup and availability solutions. Our innovative products and services protect people and information in any environment – from the smallest mobile device, to the enterprise data center, to cloud-based systems. Our world-renowned expertise in protecting data, identities and interactions gives our customers confidence in a connected world. More information is available at www.symantec.com or by connecting with Symantec at: go.symantec.com/socialmedia

About STOP. THINK. CONNECT.

The campaign was developed by the STOP. THINK. CONNECT. Messaging Convention, a public-private partnership established in 2009 and led by The Anti-Phishing Working Group (APWG) and National Cyber Security Alliance (NCSA) to develop and support a national cybersecurity awareness campaign. The Department of Homeland Security provides the Federal Government's leadership for the campaign. Industry, government, non-profits and education institutions participate in STOP. THINK. CONNECT. Learn how to get involved at the STOP. THINK. CONNECT. Facebook page at https://www.facebook.com/STOPTHINKCONNECT, on Twitter at @STOPTHNKCONNECT, and the campaign website at www.stopthinkconnect.org.
