14 December 2019

RSS Feed

Policing Company Data-the Need of the Hour

E-mail Print PDF

The Indian small and medium businesses segment is showing intent to protect their data but falling short in deploying measures to safeguard their systems. Symantec 2009 SMB security and storage survey finds 84 percent respondents from India are aware of the need to protect information but many have budgets of only USD 2000 to work with.

Knowing a threat is the first step of going secure. Security availability comes second, and finally it is to acquire the technology with allocating proper budgets. But what if the budgets aren’t available to acquire the technology even after knowing the threat, the situation then can be called as catch 22.

In a recent survey done by Symantec Corporation, it came out that Indian SMBs have the awareness of their information security issues but cant have proper budget to get themselves secured. The Symantec 2009 SMB Security & Storage survey goes on to state that despite of growing awareness among the SMB segment in the country towards the various threats to their data, deployment of relevant solutions to counter this threat has not matched up. Inadequate budget coupled with ineffective information security management at the operational level are stumbling blocks for most SMBs in the country.

The survey clearly showcased that small and midsized businesses in India not only want to protect their information, both internally and externally, but they also know the criticality of their data sensitivity. But the only obstacle for them is their thin budgets coupled with inadequate and under-trained manpower. Ajay Verma, Director, channel and alliances, Symantec India commented, “As information within Indian SMBs continues to grow, there will be enormous pressure on these organisations from their customers and partners to effectively and appropriately, secure and manage their information.”

This survey has covered verticals such as financial services, healthcare, telecommunications, manufacturing, retail, professional services, education, entertainment & recreation, business support services and real estate.

While SMBs in India are aware of the need to protect information (84 percent), protect the network (76 percent), protect the desktop (53 percent), protect the servers (81 percent), protect e-mail (67 percent), and backup & recovery of data (83 percent), the stark reality is that the awareness has not necessarily translated in users actively deploying solutions that effectively protect their corporate data.

Commenting on the situation, Dinesh Bareja, Sr Vice President of Secure Matrix India -- a Mumbai based solution provider, focussed on security issues of organisations gave his views on what should be done to come up from this entire security scenario., “Especially the small businesses need to think carefully about their security policies as they are the ones who are working along with large organisations at national and international levels. Their business growth is also an element of special focus as they need secured infrastructure to sustain the growth. Security is more than a matter of passwords and lost devices. It is a matter of secure networks, encryption and authentication. But above all, it means creating an internal culture of responsibility,” Bareja added,

Information Security limitations

According to the survey, 61 percent of India SMB’s were unaware of the present day IT security threats. While a majority of respondents are extremely concerned about basic security issues like virus attacks (73 percent), phishing scams (60 percent) and spam (64 percent), a large number of respondents did not consider data loss (68 percent), employee ignorance (70 percent), unauthorized network access (50 percent) and unencrypted laptops (61 percent) as major security threats.

While most respondents are concerned about virus attacks and are aware of the adverse effect that viruses cause, only half of them have an anti-virus solution in place. A mere 23 percent have plans to implement an anti-virus solution in the coming year. Symantec’s recently released Internet Security Threat Report (ISTR) XIV points to the increasing levels of virus and worm attacks on Internet users in India. According to ISTR XIV, India had the highest occurrence worms and viruses within all of APJ. These malicious codes disable security related processes, download additional threats and steal confidential information – an indicator that basic security safeguards such as an anti-virus were amiss in Indian SMBs.

Though spam is a major concern, only 37 percent of the respondents for this survey have an anti-spam solution in place.

With less than 20 percent of IT budgets being spent on security, Indian SMBs have the lowest deployment rate of security solutions across the APJ region. Countries such as Hong Kong, Australia, South Korea, and Japan spend an equivalent of almost 100 percent of their IT budgets on security.

Storage Constraints of Indian SMBs

Indian SMBs are slow to deploy effective storage solutions such as backup and archiving into their IT infrastructure. Here too the awareness of the benefits of such solutions exists, but they have been hardly implemented. While 83 percent of the respondents polled know that a backup and recovery solution is critical to their organisations and 69 percent are aware of the need to archive data, only 44 percent have actually implemented a solution.

Solutions such as replication have been deployed by a low 19 percent of the respondents.  Online storage too has found a few takers with only 28 percent of them using it. Data backup and archiving has seen reasonable implementation with 28 percent of the respondents having deployed the former, while the latter has a 36 percent acceptance.

While 72 percent respondents were aware of the need for a disaster recovery plan, only 37 percent Indian SMBs actually had one in place. Implementation of encryption software on removable storage devices was also deficient in Indian SMBs, with only 28 percent adoption.

Financial Constriants

The survey shows that a majority of the respondents (60 percent) are willing to spend annually, an inconsequential amount of Rs. 100,000/ (Approx. USD 2000) on ensuring that their systems and information are protected. While it is encouraging to see that respondents see security as a concern area and are taking steps to protect their data, SMBs in India have mis estimated the budget required to securitise their data. However on a brighter note, the report states that over 57 percent respondents from India have plans to increase their IT security and storage spends in the next 12 months.

“To counter the budget constraint, we see some SMBs using pirated software, which actually compounds their woes as they struggle with regular software updates, patch management issues and growing malicious threats,” adds Ajay Verma.

Additionally, challenges faced by the SMBs extend to having access to qualified, and experienced employees to ensure that the various solutions are in place and functioning. Almost 69 percent of the respondents have indicated that the security function is not separated from the IT function and is a dual responsibility on the same person.

Recommendations for Small Businesses

Symantec encourages small businesses to employ defense-in-depth strategies for employees and other end users, including an integrated endpoint security solution and security patch updates. Antivirus definitions and intrusion prevention signatures must be updated regularly, and all desktops, laptops, and servers should also be updated with the necessary security patches from the operating system vendor. Consider deploying a personal firewall to help control network traffic to the endpoint device. Also, make sure to enable the security settings on Web browsers and disable file sharing. To ensure they have the latest protection, SMB’s should apply operating system and security software updates and patches as soon as they are released. In order to protect against successful exploitation of Web browser vulnerabilities, upgrade all browsers to the latest versions.

For any number of reasons – disaster, human error, hardware failure, etc. – your IT system could be brought down. It is critical to back up important data regularly and store extra copies of this data off site. Since tapes containing confidential customer or business data may be lost or stolen in transit, encrypting those backup stores is a good idea.



Add comment

Security code


Get the Flash Player to see this player.

Follow SEI

Facebook Twitter Linkedin Youtube RSS Feed
Small Enterprise India Newsletters


Take Our Online PollVoice your opinion
What do you expect from the StartUp India Action Plan?