Indian SMEs Falling Short In Deploying Security Measures

Symantec has announced its India findings from the Symantec 2009 SME Security and Storage survey. The survey goes on to state that while there is a growing awareness among the SME segment in the country towards the various threats to their data, deployment of relevant solutions to counter this threat has not matched up. Inadequate budget coupled with ineffective information security management at the operational level are stumbling blocks for most SMEs in the country.

This survey has covered verticals such as financial services, healthcare, telecommunications, manufacturing, retail, professional services, education, entertainment and recreation, business support services and real estate.

While SMEs in India are aware of the need to protect information (84 percent), protect the network (76 percent), protect the desktop (53 percent), protect the servers (81 percent), protect e-mail (67 percent), and backup and recovery of data (83 percent), the stark reality is that the awareness has not necessarily translated in users actively deploying solutions that effectively protect their corporate data.

“The survey shows that small and midsized enterprises businesses in India want to protect their information, both internally and externally, but wafer-thin budgets, coupled with inadequate and under-trained manpower are clearly stopping them from doing so”, said Ajay Verma, director, Channel and Alliances, Symantec India. “As information within Indian SMEs continues to grow, there will be enormous pressure on these organisations from their customers and partners to appropriately secure and manage their information.”

Weak on Information Security

According to the survey, 61 percent of India SMEs were unaware of the present day IT security threats. While a majority of respondents are extremely concerned about basic security issues like virus attacks (73 percent), phishing scams (60 percent) and spam (64 percent), a large number of respondents did not consider data loss (68 percent), employee ignorance (70 percent), unauthorised network access (50 percent) and unencrypted laptops (61 percent) as major security threats.

While most respondents are concerned about virus attacks and are aware of the adverse effect that viruses have on their infrastructure, only half of them have an anti-virus solution in place. A mere 23 percent have plans to implement an anti-virus solution in the coming year. Though spam is a major concern, only 37 percent of the respondents for this survey have an anti-spam solution in place. This puts India at the bottom of the list in the APJ region for both anti-virus and anti-spam solution implementation.

With less than 20 percent of IT budgets being spent on security, Indian SMEs have the lowest deployment rate of security solutions across the APJ region. Countries such as Hong Kong, Australia, South Korea, and Japan spend an equivalent of almost 100 percent of their IT budgets on security.

Storage blues in Indian SMEs

Indian SMEs are slow to deploy effective storage solutions such as backup and archiving into their IT infrastructure. Here too, the awareness of the benefits of such solutions exists, but they have been hardly implemented. While 83 percent of the respondents polled know that a backup and recovery solution is critical to their organisations and 69 percent are aware of the need to archive data, only 44 percent have actually implemented a solution.

Solutions such as replication have been deployed by a low 19 percent of the respondents. Online storage too has found a few takers with only 28 percent of them using it. Data backup and archiving has seen reasonable implementation with 28 percent of the respondents having deployed the former, while the latter has a 36 percent acceptance.

While 72 percent respondents were aware of the need for a disaster recovery plan, only 37 percent Indian SMEs actually had one in place. Implementation of encryption software on removable storage devices was also deficient in Indian SMBs, with only 28 percent adoption.

Bang for the Buck

The survey shows that a majority of the respondents (60 percent) are willing to spend annually, an inconsequential amount of Rs 1,00,000 (approximately $2000) on ensuring that their systems and information are protected. While it is encouraging to see that respondents see security as a concern area and are taking steps to protect their data, SMEs in India have misestimated the budget required to securitise their data. However on a brighter note, the report states that over 57 percent respondents from India have plans to increase their IT security and storage spends in the next 12 months.

“To counter the budget constraint, we see some SMEs using pirated software, which actually compounds their woes as they struggle with regular software updates, patch management issues and growing malicious threats,” adds Verma.

Additionally, challenges faced by SMEs extend to having access to qualified, experienced and effective employees to ensure that various solutions are in place and functioning. Almost 69 percent of respondents have indicated that the security function is not separated from the IT function and is a dual responsibility on the same person.