Are SMBs blindly spending on security solutions?

A majority of the headline-grabbing breaches that take place around the world involve large corporations. However, though less visible, small to midsized businesses (SMBs) are just as likely to be targets. As the threat landscape continually evolves, security professionals at SMBs are up to the challenge, but more often than not may be blindly spending when it comes to security solutions.

That's because while larger corporations can afford the “bells and whistles” available in the security product market, many SMBs may not have the same resources, leaving security practitioners at these organizations to make tough decisions on what can address the prioritized risks. Studies have shown that the money being spent isn't aligning with the risks that are actually being posed to SMBs.

According to “The State of Risk-Based Security Management,” a recent study conducted by the Ponemon Institute and security firm Tripwire, only 11 percent of an organization's budget is spent on the application layer, although 37 percent of the 1,320 IT professionals surveyed pointed to it as a “key security risk.”

The fact that there's no universal strategy in the security industry doesn't help SMBs make better spending decisions, John Stewart, SVP and CSO at Cisco, said. Additionally, he believes the number of solutions on the market only makes choosing a security product more challenging. “There are many, many, solutions out there,” he said.

Further, security audits, while effective in prioritizing risks, can be too costly for organizations that don't have the budgets to perform them frequently. However, there are other measures that can be taken. Steve Durbin, global VP of the Information Security Forum, a nonprofit that addresses security and risk management issues, believes it's essential for SMBs to collaborate in order to “informally benchmark” one another in terms of their security practices.

“There is a role here for independent organizations, and to an extent government, to provide insight and guidance around what the fundamentals of good security practice might be,” Durbin said.

A recent study conducted by Kaspersky Lab indicates that a successful attack on an SMB could result in a loss of up to five percent of its total revenue. With that much at stake, it's no wonder spending on IT security is expected to reach $30.1 billion by 2017, according to a study from Canalys.
