Businesses face security threats from every direction, but IT managers in small and midsize businesses have less than an hour each week to manage security. McAfee's midmarket senior VP discusses meeting this resource challenge and the five areas that spawn 80% of security problems.
In recent years, incessant security threats have grown more varied with no sign of diminishing. Yet despite the obvious risks, IT departments in many small and midsize businesses remain so overburdened that managing security is often viewed as an additional responsibility.
To help these overloaded IT staff, McAfee offers a 15 minute per day solution dubbed Total Protection for Secure Business (ToPs) that seeks to help small IT staffs gain the upper hand in managing security.
Recently, bMighty spoke with Darrell Rodenbaugh, McAfee's senior VP for the worldwide midmarket segment, about ToPs and the similarities between the security challenges smaller companies and large enterprises face and the huge disparity in the resources they wield to combat them.
bMighty: How do small and midsize business security concerns differ from those of large enterprises?
Darrell Rodenbaugh: They swim in the same Internet cesspool. They're exposed to the same risks. Their end users make the same mistakes. They're going to the same wrong places on the Web; 95% of their e-mail is spam and 25% of that carries some malicious intent. They have the same data exposure; a data breach is every bit as devastating for a small business as for a larger corporation. Fundamentally, all businesses of all sizes have the same risk profile. The challenge is that small and midsize businesses don't have the same resource profile.
Don't Miss: Keith Ferrell's Security Blog
bMighty: So small and midsize businesses are fighting the same war, but without the same war departments?
Rodenbaugh: Yes. Only 8% of companies with under 1,000 employees have a dedicated IT staff. And, of those, our studies show that the typical SMB employs 1.8 IT professionals who are responsible for network access, applications, disk farms, and so on, as well as security. In fact, IT generalists manage 92% of small and midsize business security; most of them admit to spending less than an hour a week managing security concerns.
bMighty: While the situation exists as a result of small business reality and necessity, are small and midsize businesses less of a target for cybercriminals?
Rodenbaugh: Not at all. It's like a lot of bank robberies. Bank robbers know they're not going to rob Fort Knox: they target branch banks, not central depositories. Small and midsize businesses are very much targets.
bMighty: If the security challenges and threats small and midsize companies face are the same as those of large enterprises, is it safe to assume that their security needs don't differ a lot either?
Rodenbaugh: They really don't, except in this way: The largest of enterprises have the resources, and are able to invest more in security solutions and personnel -- more elegant tools, entire professional careers built around security. For a smaller businesses, the generalist IT manager's tools must provide the same level of security in a one-hour-a-week window. That's the midmarket paradox.
bMighty: How do you deal with the paradox?
Rodenbaugh: Every vendor is seeking to deliver the right technology and provide secure tools to the small and midsize business space. The challenge we [McAfee] wanted to tackle with ToPS was to deliver smart, simple, and secure tools that are easy to manage install and maintain, but that are technologies developed to fit into those SMB constraints -- limited budget and resources. We're trying to deal with business realities as opposed to just scaring customers into spending more time and money.
Don't Miss: Keith Ferrell's Security Columns
bMighty: That said, are scare tactics effective?
Rodenbaugh: Unfortunately, the most effective trigger that forces security investment is getting hit. Once there's a problem, it's all hands on deck. Otherwise, we all understand businesses' hesitation to apply resources to security: management is trying to grow the business, meet payroll, deal with all the other challenges and demands that a business creates or must respond to.
Next Page: Where SMBs Excel At Security
