A new study from Symantec Corp. suggests many small and mid-sized organizations simply think they’re too small to be a target for hackers.
The global survey by the Mountain View, Calif.-based security provider was of executives and IT managers at 1,900 businesses with between 5 and 499 employees. More than half of respondents claim to be familiar with security threats posed by DDoS attacks, shortened URLs, using smartphones for company business, keystroke logging, and targeted attacks.
Smaller organizations are “much more aware than I had expected in terms of security threats and the consequences of them,” says Kevin Haley, a director with Symantec Security Response.“But the contradiction is knowing all that, they’re not doing anything to protect themselves”
Only 13 percent of respondents say they feel completely protected against computer threats while 45 percent feel somewhat protected. That leaves 42 percent providing responses of neutral, somewhat unprotected, or completely unprotected.
And yet, the companies feel safe from attack. On a 1-to-5 scale, where 3 is a noncommittal answer, the average response for feeling at risk from keystroke logging was 2.45. For a DDoS attack, it was 2.66, and for website vulnerabilities, 2.77. For using smartphones for company business and targeted attacks, the score was 3.22.
“We get answers like, ‘We’re a small company and this isn’t targeted at small companies,’” Haley says. “That’s where I start to draw the conclusion that it’s something that [they think] happens to big companies, not to [their] business.”
If you think your organization is too small to be noticed, here’s another figure from Symantec that might be handy. In 2010 research on targeted attacks, the company found that 40 percent of all such attacks are aimed at SMBs. “They’re a very tempting target,” Haley says.