There is some sobering statistics available which indicates that small and midsized businesses are increasingly under attack from hackers at the same time they’re downsizing their security and IT departments to cut costs.
In a recent report, titled “The Security Paradox”, McAfee found that the average midsized company lost $43,000 to security breaches in the past year and overall cyber attacks have surged 322 percent for SMBs worldwide.
Meanwhile, 71 percent of IT directors at small and midsized businesses believe there is some chance a serious data breach could put their company out of business yet almost the same amount — 70 percent — froze or cut their IT security budgets this year.
This paradox is especially problematic because almost half of all midsized companies surveyed believe that larger companies (501 or more employees) are more at risk for a security attack. Actually, McAfee found that companies with fewer than 500 employees suffer from more cyber attacks in a given year.
“An organization’s level of worry and awareness about increasing threats has not overcome the downward pressure on budgets and resources,” Darrell Rodenbaugh, McAfee’s senior vice president of global mid-market, said in a statement. “But this creates a vicious cycle of breach and repair that costs far more than prevention.”
McAfee’s findings are corroborated by the Anti-Phishing Working Group which argued that the Internet was the “most dangerous” it has ever been with a 585 percent spike in malicious anti-malware programs and fake security applications further confusing companies and consumers.
New phishing Web sites detected in June rose to 49,084 — the most since the 55,643 sites discovered in April 2007 and the second-highest number recorded since APWG began reporting on phishing sites. The number of hijacked brands and Web sites an all-time high of 310 in March
APWG researchers working at Panda Labs’ research lab counted more than 152,000 different strains of bogus anti-malware apps in June, up from slightly more than 22,000 such applications in January.
McAfee found that 65 percent of midsized companies spend less than four hours a week on IT security proactively but 67 percent spend ore than a day recovering from attacks on their IT systems and data networks.
Last year, midsized companies spent a total of $17.2 billion fixing IT security breaches, according to McAfee researchers. On average, these companies lost more than $75,000 a year responding to attacks.
“Our research shows that organizations that put more effort on preventing attacks can end up spending less than a third as much as those that allow themselves to be at risk,” Rodenbaugh said.
Midsized companies, defined as those with between 101 and 500 employees, have been hit with security breaches or hacking attacks an average of 24 times in the past three years compared to only 15 such attacks for organizations with 501 to 1,000 employees.