A NEW study by Symantec Corp notes that 50 per cent of SMBs (Small and Medium-sized Businesses) in Singapore plan to increase IT security and storage spending over the next 12 months, despite the present economic crisis.
Symantec's Eric Hoh told BizIT that SMBs in Singapore place a higher emphasis on protecting information and servers (84 per cent each), compared to e-mails and desktops (48 per cent and 26 per cent respectively).
The results are a part of the Asia- Pacific, including Japan (APJ) findings of Symantec's 2009 Global Small and Medium-sized Business (SMB) Security and Storage survey which will be released today.
According to Mr Hoh, who's Symantec's senior VP for Asia South Region, 74 per cent of Singapore SMBs polled are worried about security issues arising from remote devices connecting to the network.
Around 72 per cent of respondents were worried over the possible loss of confidential information via USB and other devices.
Loss of confidential information due to insider attacks worry 66 per cent of respondents while viruses was a cause for concern for 64 per cent. Data breaches was listed by 64 per cent as the main worry.
Mr Hoh noted that some possible reasons for these key concerns could be the increasing mobility of the workforce in Singapore and in Asia.
'Endpoints such as laptops, mobile phones and PDAs (personal digital assistants) continue to threaten an organisation's security in both an outbound and inward manner - data can be lost through these endpoints and viruses can be introduced into the organisation through these endpoints.'
Symantec believes that insider threats will increase as economic pressure rises, Mr Hoh added.
According to him, when companies lay off staff, freeze salaries and suspend promotions, or when employees fear such events are imminent, the pressure is more likely to prompt employees into making bad choices out of fear.
'Insiders may try to steal confidential data and trade secrets, often via e-mail, for financial gain or merely to 'get even'.'
He noted that malicious insider incidents are mainly 'crimes of passion' and are not part of long-term plans, but more of a thoughtless action during an emotional moment.
'Without adequate controls in place, critical data could leave the company. SMBs need to know where their confidential data resides, how it is being used and how best to prevent its loss.'
Comparing the findings for Singapore with that from around the region, Mr Hoh noted that Singapore SMBs were more concerned about the loss of confidential information via USB and other devices (72 per cent) as opposed to SMBs in Australia (50 per cent) and Hong Kong (56 per cent). 'The most concerned SMBs in the region were from New Zealand and China with 80 per cent each.'
The Symantec official noted that when it came to the loss of confidential or proprietary information or data via e-mail, Singapore SMBs were one of the least concerned in the region (28 per cent were extremely or somewhat unconcerned). In comparison, China and New Zealand each had 80 per cent concerned and South Korea had 76 per cent.
Interestingly, 34 per cent of Singapore SMBs have suffered a data breach - the lowest in the region. Coming up tops with the most number of breaches were New Zealand (70 per cent), South Korea (68 per cent) and Hong Kong (64 per cent).
Mr Hoh noted that Singapore SMBs usually have limited time, money and expertise to secure and manage their information from external and internal threats.
'Other pressing business needs tend to take precedence over security, back-up and recovery for computer and network systems; leaving businesses vulnerable to data and system losses and causing serious damage and business interruption.
'The automation of key processes such as backup and recovery, endpoint protection and data loss prevention will help Singapore SMBs improve cost efficiencies and streamline manageability,' he noted.
The survey findings show that 84 per cent of IT spending by SMBs in APJ will either increase (57 per cent) or remain the same (27 per cent) this year despite the current economic uncertainty.
System upgrades, automated patch management and data replication ranked as the top three IT investment priorities in APJ this year, Mr Hoh said.
The survey also revealed that the top three concerns of APJ SMBs are viruses, data breaches, and loss of confidential or proprietary information through USB and other devices.
Findings on storage showed that 70 per cent of APJ SMBs are extremely concerned with back-up and recovery of data, followed by disaster recovery planning and strategy (64 per cent), and archiving data and e-mails (56 per cent).
'Yet 53 per cent of SMBs have not deployed desktop back-up and recovery solutions, and 45 per cent perform back-up on a weekly or less frequent basis,' Mr Hoh noted.
These gaps in basic levels of security, despite an awareness of the current internal and external threats amongst APJ SMBs, are driving an increase in security breaches, with the most common causes being system breakdowns and hardware failure, human error and improper or out-of- date security solutions, he noted. A lack of budget (41 per cent) and employee skills (40 per cent) were cited as the main barriers to securing the SMB environment.
The Symantec official added that his company has expanded its security portfolio by offering new protection suites for SMBs as well as enterprise customers. It also added Web security technology through the acquisition of Mi5 Networks.
'Symantec Protection Suite Small Business Edition and Symantec Protection Suite Enterprise Edition are comprehensive solutions designed to secure firms against security risks and business interruptions, ensuring systems and critical information are readily available,' Mr Hoh said.
He added that the Symantec Protection Suites are scheduled to be available in summer of this year.
