Small and Medium-Sized Companies Too Small to Get Hacked
McAfee released the results of a survey last week after sampling 500 IT decision-makers from companies with 1,000 to 2,000 employees. The results are pretty astounding. Forty-four percent think that cybercrime is only an issue for larger organizations and believe it does not affect them. Fifty-two percent believe that because they are not well known, cybercriminals will not specifically target them. Forty-five percent do not think that they are a valuable target for cybercriminals. Lastly, forty-six percent do not think they can be a source of profit for cybercriminals.
Take a moment to let that sink in. Approximately half of these small and medium-sized companies are basically saying that security doesn't matter to them because cybercriminals either won't find them or they don't think they have information of value to a cybercriminal. Eighty-eight percent believe they were adequately protected against security threats even though forty-three percent admitted they accept the default settings on their IT equipment. Even more amazing is that forty-two percent dedicate just one hour a week to proactive IT security management even though twenty-one percent acknowledged that an attack could put them out of business, thirty-two percent have been attacked more than four times by cybercriminals in the last three years, and twenty-six percent took at least a week to recover.
Now, think about how many times you've bought something online in the last year or so from a small or medium-sized company. Scary, isn't it? Until these companies start treating security as a proactive discipline, things are going to get much worse before they get any better.
