
09:41 AM
Dark Reading
Products and Releases

Survey: Nearly Half Of SMBs Don't Have Way To Filter, Monitor Web Traffic

SMBs are not only lagging their peers, but also underestimating the risks, according to new research by GFI Software

RALEIGH, N.C., Sept. 29 /PRNewswire/ -- It is estimated that nearly 90 percent of all data breaches involve insider negligence,(1) yet the results of a survey announced today by email and security software provider GFI Software revealed that nearly half of SMBs underestimate the impact uncontrolled access to the Internet can have on their organization - in terms of network security, productivity levels and HR.

The survey showed that although the majority of SMBs (61%) have security policies in place regarding Internet use, far fewer have the means to monitor and/or filter the HTTP traffic: Less than half (47%) say they have the means to do so. However, 15% of SMBs do indicate they are considering adding monitoring and/or filtering capabilities, and an additional 5% said implementation is planned.

"The results pose an interesting question that SMBs should be asking themselves: 'If half are monitoring Internet activity in the business, why aren't I?'," said Walter Scott, CEO of GFI Software. "Nearly half of those surveyed are lagging their peers and this indicates that they are not aware of the risks that come with uncontrolled Internet access. It is not a case of 'big brother' but rather one of 'keeping alert' and being 'prepared'. With monitoring in place, management has a front-line view of Internet activity in the company."

Of those using Web filtering software, the majority (67%) said they use it for security against virus and malware downloads, 55% to prevent illegal and/or unacceptable Web browsing and only 36% to monitor employee browsing activity.

Scott continues: "Monitoring employees' web activity goes beyond simply checking who is doing what online and how much time is spent browsing the Internet. Web monitoring and filtering is key to preventing malware from being downloaded and infecting the network. We also often forget that we are living in a society that is becoming increasingly litigious. Web monitoring and Web filtering give business owners the ammunition they need to counter any claims from clients or employees. It is also management's fiduciary responsibility to have the data for when it is needed. The risks are too high for businesses today."

The survey also gives an indication of how threats are perceived and their source. According to the survey, the IT security threats that most concern SMBs are accidental data corruption, malware attacks and external. Fifty-one percent (51%) said that they are concerned about Web-borne malware. However, only 9% said they are concerned about internal threats. The threat posed by employees leaving the company with confidential data was of concern to only 26%, the lowest rated.

Email compliance and eDiscovery appear to be low on the list of priorities for many of the respondents. When asked if they have rules or policies governing the storage and/or retention of emails, 63% said they did not have any rules stating where emails should be stored; however, of those, 18% said they were planning to do so. On the other hand, 66% of respondents do not have email retention rules (20% say they are planning to do so).

Scott concludes, "Once again, we see SMBs either ignoring or unaware of the implications of their actions. Compliance is a major issue in the US and the penalties for non-compliance can be crippling for a business; however, it is surprising, even shocking, that SMBs do not have procedures in place to regulate where emails are stored and for how long. Businesses are taking too long to catch up. They need to be proactive because their business could be at stake."

The full survey report is available for download at http://www.gfi.com/documents/SecurityReport2009.pdf.

Survey Methodology

This survey was sponsored by GFI to assess the readiness of small and medium businesses (SMBs) in the U.S. in dealing with security issues, and to determine how priorities in IT security have changed in the SMB market due to the current economic environment. The online survey was conducted among 540 IT professionals using an IT panel managed by e-Rewards. The panel, comprised of approximately 250,000 members, is representative of a large number of IT professions/titles, including CIOs. The survey was sent to 19,067 members on the IT panel during the period July 27 through August 6, 2009. Participants were screened to ensure they were an IT professional with decision-making authority or specific responsibility for IT security, and worked at an SMB that has 500 or fewer employees. The survey's sampling error is plus or minus four percentage points for values at or near 50 percent, given a 95 percent confidence interval.

About GFI

GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. With award-winning technology, an aggressive pricing strategy and a strong focus on small-to-medium sized businesses, GFI is able to satisfy the need for business continuity and productivity encountered by organizations on a global scale. GFI has offices in the US, Malta, UK, Hong Kong and Australia which support more than 200,000 installations worldwide. GFI is a channel-focused company with over 10,000 partners worldwide. GFI is a Microsoft Gold Certified Partner. More information about GFI can be found at http://www.gfi.com.
