Johnny Karam, Symantec’s Regional Director for the Middle East and North Africa
Symantec Corp. today announced the findings of its Small and Medium Business Information Management and Security Study in the Middle East, in partnership with research company, YouGov. The survey revealed that the majority of small and medium sized businesses in Egypt, Saudi Arabia and the UAE are not taking effective measures to secure and back-up their important information, nor are they setting aside a dedicated budget for IT.
“It is a major concern to find that while SMBs place significant importance on critical information such as financial records, customer databases and corporate data; yet they are taking very basic measures to back-up and secure that information,” said Johnny Karam, Symantec’s Regional Director for the Middle East and North Africa. “Symantec’s latest intelligence report shows that the UAE and Saudi Arabia rank high for phishing and virus attacks, so we know the threats are real in this part of the world. Global trends also show that cybercriminals are more likely to target small businesses as they have more money than individual targets and far less security than large enterprises.”
SMB IT investments are reactive and need-based
The survey found that SMBs in Saudi Arabia, Egypt and UAE are spending up to US$ 10,000 per annum on IT; with the 17 percent majority spending in the range of USD 1,000 to USD 5,000. 45 percent of respondents in Egypt do not have a fixed annual budget for IT and are making purchase decisions as and when needed, the same is true for 45 percent in UAE and 39 percent in Saudi Arabia.
“The survey results tell us that a high percentage of SMBs are making purchase decisions for IT on a need basis, without threat assessment of their critical information, and without long term planning,” said Karam, “it is likely these adhoc purchase decisions are being made to rectify issues only after they happen. SMBs would benefit greatly from a more strategic approach to IT. They could actually save money, given that the costs associated with a security breach or loss of data, loss of business and most importantly damage brand reputation.”
Back-up and recovery problems prevalent for SMBs
In Egypt, data loss due to power failure was noted as the issue faced most frequently, while UAE and Saudi Arabia highlighted the inability to recover data from back-ups as the biggest problem. In addition, the research found that the frequency of back-ups was not optimum, with only one third of respondents backing up on a daily basis. Only a quarter (26 percent) of respondents claim they have never experienced an issue recovering data from their back-up, or faced loss of data due to power failure.
“The issues recovering data could be a result of a lack of understanding relating to backing-up of data,” commented Karam. “The vast majority of SMBs we surveyed truly believe that by copying data to a CD, DVD or hard drive, they were backing-up that data. Considering the rate at which data is expected to grow this coming year, small business owners need to consider back-up and recovery solutions that ensures invaluable information – such as financial records, customer databases, employee data – is available and better protected.”
SMBs concerned about hacking and virus attacks
Between 57 and 72 percent of respondents identified virus attacks as a key concern and between 44 and 63 percent expressed concerns around external hacks. On average across the region, only 29 percent claim they had never faced a known attack on their systems by a virus or malicious code.
Despite these concerns and the high incidence of issues being faced by SMBs, when asked what security measures were being taken against these attacks, only the very basic security protection is implemented. Internet antivirus, automated antivirus checks, password protection for network access, firewalls and user authentication where the five most common IT security measures implemented across all three markets. More advanced security measures like authorization for downloads, encryption of sensitive data and archiving of information were not as commonly implemented by SMBs across the Middle East. For example, fewer than 60 percent of respondents encrypt sensitive documents. In addition, the survey shows that in Saudi and Egypt, less than half of the respondents are archiving data, 49 percent in Saudi and 44 percent in Egypt; while in UAE only 52 percent are archiving their data.
Symantec Recommendations for SMBs in the region:
- Develop an IT strategy and budget: Consider the financial implications around a breach of information, data loss, virus or malware attack. Now consider the other implications, like loss of time or worse – loss of brand reputation. SMB’s should regularly evaluate their security and data protection strategies in order to make more planned decisions. Handling IT on an ‘as needed’ basis could mean you end up spending far more than anticipated particularly when issues arise.
- Select trusted solutions that fit your needs: There are several backup options for SMBs, whether it’s software, hardware or moving to the cloud. Small and medium businesses should start by finding a solution that best fits their needs and then consider, categorize and prioritize the data they need to backup and protect. It is important to know where data is, who needs to access it, who is accessing it and then consider a backup solution that can help protect that information.
- Take action and protect your business: Cyberattacks are evolving and becoming more toxic and targeted; the threats are very real in the Middle East region. SMB’s need to assess their security situation, put a security strategy in place and implement security solutions that will offer them all-round intelligent security that goes beyond antivirus but also looks at antimalware.