Small Businesses Must Keep Investing In IT Security

To some extent, urging small business owners to invest in IT security solutions may be preaching to the converted – unsurprising given the huge amount of media attention given over to the subject over the last decade. Unless they have been living under a rock all this time, company leaders should by now be fully aware of the importance of protecting their business IT solutions against web-based viruses and other malware.

There is a clear choice, either invest a small amount safeguarding critical systems against online attacks, or face potential disaster further along the line.

Where the most severe IT security incidents are concerned, the damage caused can easily be business ending – either in terms of hardware/software destruction or in terms of reputational damage.

And despite the repetitiveness of this message, it remains no less important than before, even in light of the higher education levels now surrounding IT security.

If anything, the warning needs reiterating in light of new and emerging online threats.

IT security spending rises during 2010

Latest figures from research consultancy Gartner suggest that business owners are heeding the advice they have received, with spending on IT security solutions continuing to rise despite the downturn.

According to the firm, companies are dedicating additional funds to their defence budgets, and the global security software market is set to expand by 11.3 per cent this year.

Gartner expects the industry to generate £10.5 billion this year, compared to £9.45 billion in 2009, despite companies continuing to struggle in an uncertain economic environment.

Security spending has held up fairly well over the last three years, certainly in comparison to 2001 and 2002 after the dotcom crash.

Greater education over the importance of such solutions, such as anti-virus software and firewalls, has undoubtedly played a part, but Gartner says the increased maturity, penetration and confidence in IT are also important factors.

Ruggero Contu, principal research analyst at the firm, went as far as to say that security will remain one of the fastest-growing areas within the enterprise software market this year.

However, as many enterprises have no doubt found out to their detriment, purchasing IT security solutions and installing them is by no means the end of the matter.

No room for data security complacency

Keeping systems well-defended against external attacks cannot be considered a one-off task, fully executed once anti-virus software has been installed on company systems.

It must be considered an ongoing responsibility which runs in perpetuity – not one that is discharged following a single course of action.

Hackers, fraudsters and other malicious web users are continung to innovate, developing ever more sophisticated threats, meaning businesses have no choice but to constantly update security provisions.

The advent of cloud computing has made this task somewhat simpler, enabling users to receive security patches and other updates directly via the web rather than off the shelf at regular intervals.

But IT managers must still ensure they keep their eye on the ball, given the dangerously dynamic and complex nature of the IT security landscape.

If it is not virus-led sabotage that poses the primary risk to an organisation, it could easily be corporate identity theft or phishing, both of which are being facilitated by modern web technology.

And just this week, Greg Day, director of security at McAfee, stated that newer and more threatening malware versions are continuing to emerge, requiring a quick and effective response from the security industry.

He noted that during the first half of 2010, an average of 55,000 new online threats emerged every day – a figure which clearly demonstrates the magnitude of the task.

“There are what we call malware generation tools [which] let people create different kinds of threats, but they can do it in hundreds and thousands of different guises,” Mr Day explained.

“Now with cyber crime, an illegitimate revenue stream comes from this malware.”

Dependence on technology a weakness for business?

According to Mr Day, one of the major issues faced by the IT security sector is businesses’ and consumers’ growing dependence on technology.

As IT becomes more developed and is used for a wider range of purposes, this inherently creates new opportunities for malicious users, he claimed.

So while business owners and their employees may appreciate the risks involved in clicking on certain websites, hosted in high-risk jurisdictions, they may be less aware of new dangers emerging closer to home.

The rise of social networking sites, for instance, over the last four or five years has vastly increased the volume of consumer data stored in cyberspace.

Dan Raywood, online news editor at IT security publication SC Magazine, recently urged business owners to ensure all employees are aware of the security threats posed by social media.

He was commenting after malware tools provider Norman claimed that such platforms are now commonly being used by cybercriminals to spread malicious software.

To this end, Robert Stroud, the international vice president of Isaca, claimed that participation in “effective awareness and education campaigns” is a must for all staff members using the medium.

“Social media provides a new entry point for technology risks such as malware and viruses, however these risks are lowered when employees have an increased understanding of the impacts of their risky behaviour,” he stated.

Business leaders have to realise that, in order to keep their IT systems secure, they must not only take the basic IT security steps they are now familiar with – such as using anti-virus software and firewalls – but also instill a culture of best practice among their employees.

That way, the internet can continue to be treated as a positive, game-changing resource for businesses of all sizes, rather than a dangerous minefield to be avoided at all costs.

Just as irresponsible companies are sure to encounter difficulties in the online sphere, those which heed the advice they have been given – despite its novelty wearing thin – will continue to reap the rewards.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Matthew Stibbe is writer-in-chief at Articulate Marketing. He is also an avid blogger, closet geek and HP fanatic.

  • Great article Matthew. There is no question that data security is an issue that is becoming more and more prominent as the IT capabilities of small business expand. The proliferation of smartphones and tablets will only exacerbate that trend.

    To help small businesses deal with data security threats, we have created PluriID, a one-time password (OTP) token that prevents unauthorized users from gaining access to your laptop or PC at login. Each time you login, you press the token to generate a variable password, which when combined with your fixed password, gives you access to the machine. PluriID creates a two-factor authentication scheme, giving you strong protection against data and identity theft; and its built to fit the budgets of small businesses everywhere.
    More information about this first-of-its-kind OTP token can be found on our website:

    http://www.plurilock.com/products/pluriid

    Plurilock