Midsized businesses are seeing increased attacks on their systems over the past year, according to a new survey conducted by London-based Bloor Research and McAfee Inc.
Medium-sized companies are softer targets, they don't have the same infrastructure or technology as enterprise organizations to defend themselves.
business technology specialistBloor's IT Security practice
Nigel Stanley, business technology specialist who heads Bloor's IT Security practice, said the findings reflect the strain many midsized companies are under to address growing security threats with minimal staff and expertise.
"Medium-sized companies are softer targets," Stanley said. "They don't have the same infrastructure or technology as enterprise organizations to defend themselves."
In addition, threats are becoming more sophisticated and intelligent, Stanley said. Malware is being created to sit on a system and wait for a file that contains sensitive information to steal passwords or Social Security numbers. More than 83% of those surveyed said they were concerned or very concerned that their business could be the target of an intentional and malicious security attack; 51% had actually been attacked.
Midsized businesses are also worried about insider attacks and employee errors that can lead to a data breach. Eighty-eight percent of those surveyed said they were concerned about non-malicious or inadvertent security incidents. These incidents include careless mistakes when transferring data or the loss of data.
The difficult global economy may also be playing a role in insider incidents. Employees are looking to gain a competitive advantage in a weak hiring economy, Stanley said. "It is driving people to go after the corporation's data and take it with them when they move jobs," he said.
Cari Jaquet, director of solutions marketing for McAfee, said one of the problems causing an increase in data breaches is the fact that most companies do not think about security as a priority over other work in the business. Over the past two years, this survey has found that midsized companies spend a maximum of three hours per week on security.
Jaquet said the threats haven't gone up significantly, but the amount of time these companies are spending on security has decreased. Last year, 65% of businesses spent less than three hours per week on security, compared to this year's 58%.