The information were presented for the second consecutive year by Panda Security laboratories, which have published the results of International Barometer of Security for small businesses. The study was made between April to June 2010 and it was addressed to the companies that use between 2 and 1000 systems, but are not customers of Panda Security; the number of the respondents was slightly higher than at the first edition, covering Europe, plus the American continents. Most companies are located in Spain (3141 in number), U.S. (1532), United Kingdom (569), Germany (456), Brazil (436), Mexico (401) or Sweden (389).
At a a closer look of the results and comparing the situation with the one from 2009, a regular user can observe that while many ordinary users are concerned about information security (the best example being given by readers of this Website), there are owners or managers making use of any pretext to spurn this issue. About 7% of participants (as in 2009) does not give any importance to online security, and countries like Belgium or Russia remark themselves negatively, where the rates are of 9% and 10% above the average.
Moreover, even where security solutions are used, the poor understanding of the phenomenon makes some commercial agents to install inappropriate products (and the study makes a clear reference to those free antivirus programs, for individual users) or incomplete (no spyware capabilities, spam, or without a Web filter), hence the large number of infections. Half of European companies surveyed have admitted that they have one or more problems.
Switzerland mus be named here, as having the highest rate of affected systems last year (64%) and Spain and Italy (59% and 57%), while some South American countries have a situation, which is very alarming, at least by taking into account that proportion of 89% or 83% in Paraguay and Venezuela.
The lack of extra security measures designed to cope with the latest information, is a direct consequence of reduced investment in recent years and the statistics indicate very clearly that where the necessary amounts were allocated to the purchase of antispam solutions, antispyware and to implement an effective firewall, the number of reported incidents was significantly lower. It should be noted also that 41% of Spanish companies present in the study (and 31% of European ones) have a technical department.
Sure, it is assumed that employees possess the minimum knowledge of IT, but for implementing and enforcing a security policy (ranging from procurement to personnel training and software) you need specialists that must be paid accordingly. Only the United States and Canada are the countries where the situation has improved compared to previous study of 2009; the study recorded a slightly higher interest of managers in these countries over the issue of security.
As for the campaigns which rejected any steps on security, this including software and qualified IT personnel, they considered the approach as unnecessary and too costly one, motivating the decision by lack of funds (41 % Latin America), citing resources consumed by this kind of programs (11% in Europe), indifference (where 57% of Americans, compared with only 21% of the Canadian managers who think the same way) and even saying that they do not use their PCs.
As a conclusion, we have to say that it would be that whatever the economic climate (more or less favorable), the investments in security and in implementing the security policies must become a priority of managers, otherwise, there are serious chances that the work of some companies to be blocked by attacks, up to their complete exit from the market.
And as these attacks have increased in intensity (not only in frequency), the adoption of proactive protection methods is a must and also of in-the-cloud solutions, security as service (SaaS), Web filtering and antispam, the delineation of a security perimeter (Intranet).
The respondents from Latin America considered (at a rate of 68%) that the IT security is very important, closely followed by Americans (67%), while Europeans, in terms of percentage of 58% seem a little more peaceful. From the European countries, France and Russia have a negative note, only 35% of respondents considering this issue as very important. Moreover, in Russia, 10% believe that the IT security is not at all important, despite of powerful local solutions (I am referring to Kaspersky or Dr. Web).
With no noticeable changes compared to the last year, there is a tendency to use an anti-virus solution (doubled by a firewall) which remains prevalent, while only the Americans also use the antispyware component. Instead, the interest in a Web filter is manifested in fewer than half of respondents, regardless of geographic spread. Regarding this, you can read the articles related to the Panda USB Vaccine.
Free vs. paid antivirus antivirus
To the surprise of those who made this barometer, the Americans (64%) most often use anti-virus programs (more accurately, security programs) that are free, while Europeans, in an overwhelming proportion (98% in France, 95% Spain, 94% Germany) seem willing to pay.
And when you raise the subject of updating the system, unfortunately, there are still managers who do not know if they have installed these updates, or if they are available. The barometer rose slightly from 2009, the percentage of those who responded honestly (but not incentive) telling they “do not know”, answers like this totalizing around 5% in Latin America, Europe 6% and 5% in Canada. The Americans are proved to be the most appropriate people who know the facts, stating that 88% have installed these updates, 12% saying that they did not install the updates.
Beyond explanations referring to the current economic situation, there are not few aberrant cases like these ones: in Peru, 17% of respondents believe these programs are unnecessary, while the remaining 83% still think if they are good or not, or in Belgium, 30% of respondents are dissatisfied with the resources consumed or some cases are truly hilarious (14% of Spanish people said they do not use the computers and they do not have a reason to invest in their security.
These answers came from managers or employers that manage the business departments of a large number of companies (SMBs / Small and Medium-size business = less than 1000 employees) that do not seem at all concerned about the online security.
