Symantec Corp. announced its India findings from the Symantec 2009 SMB Security & Storage survey. The survey goes on to state that while there is a growing awareness among the SMB segment in the country towards the various threats to their data, deployment of relevant solutions to counter this threat has not matched up. Inadequate budget coupled with ineffective information security management at the operational level are stumbling blocks for most SMBs in the country.

This survey has covered verticals such as financial services, healthcare, telecommunications, manufacturing, retail, professional services, education, entertainment & recreation, business support services and real estate.
While SMBs in India are aware of the need to protect information (84 per cent), protect the network (76 per cent), protect the desktop (53 per cent), protect the servers (81 per cent), protect e-mail (67 per cent), and backup & recovery of data (83 per cent), the stark reality is that the awareness has not necessarily translated in users actively deploying solutions that effectively protect their corporate data.

“The survey shows that small- and mid-sized businesses in India want to protect their information, both internally and externally, but wafer-thin budgets, coupled with inadequate and undertrained manpower are clearly stopping them from doing so,” said Ajay Verma, Director, Channel and Alliances, Symantec India. “As information within Indian SMBs continues to grow, there will be enormous pressure on these organizations from their customers and partners to effectively and appropriately, secure and manage their information.”

According to the survey, 61 per cent of Indian SMBs were unaware of the present-day IT security threats. While a majority of respondents are extremely concerned about basic security issues like virus attacks (73 per cent), phishing scams (60 per cent) and spam (64 per cent), a large number of respondents did not consider data loss (68 per cent), employee ignorance (70 per cent), unauthorized network access (50 per cent) and unencrypted laptops (61 per cent) as major security threats.

While most respondents are concerned about virus attacks and are aware of the adverse effect that viruses have on their infrastructure, only half of them have an anti-virus solution in place. A mere 23 per cent have plans to implement an anti-virus solution in the coming year. Symantec’s recently released Internet Security Threat Report (ISTR) XIV points to the increasing levels of virus and worm attacks on Internet users in India. According to ISTR XIV, India had the highest occurrence worms and viruses within all of APJ. These malicious codes disabled security related processes, downloaded additional threats and steal confidential information – an indicator that basic security safeguards such as an anti-virus were amiss in Indian SMBs.

Though spam is a major concern, only 37 per cent of the respondents for this survey have an anti-spam solution in place. This puts India at the bottom of the list in the APJ region for both anti-virus and anti-spam solution implementation.
With less than 20 per cent of IT budgets being spent on security, Indian SMBs have the lowest deployment rate of security solutions across the APJ region. Countries like Hong Kong, Australia, South Korea and Japan spend an equivalent of almost 100 per cent of their IT budgets on security.

Symantec suggests that small businesses should employ defence-in-depth strategies for employees and other end-users, including an integrated endpoint security solution and security patch updates. Antivirus definitions and intrusion prevention signatures must be updated regularly, and all desktops, laptops, and servers should also be updated with the necessary security patches from the operating system vendor.

Giving more suggestions, Verma said, “To ensure they have the latest protection, SMBs should apply operating system and security software updates and patches as soon as they are released. In order to protect against successful exploitation of Web browser vulnerabilities, upgrade all browsers to the latest versions. For any number of reasons – disaster, human error, hardware failure, etc. – your IT system could be brought down. It is critical to back up important data regularly and store extra copies of this data off site. Since tapes containing confidential customer or business data may be lost or stolen in transit, encrypting those backup stores is a good idea.”

Symantec’s Storage and Security in SMBs survey was conducted in February 2009 by Applied Research. The study targeted 1,425 small- and mid-sized sized businesses (10–500 employees) located in 17 countries around the globe. There were 75 respondents in India. Worldwide, the survey has a 95 per cent confidence level with a margin of error of 2.6 per cent.