SMEs struggling in the face of BYOD and new cyber threats

SMEs are struggling to keep IT infrastructure up to date with cyber threats and new ways of working, a survey shows.

Small and medium enterprises (SMEs) are struggling to keep IT infrastructure up to date with mobile working and the increasing volume and sophistication of cyber threats, a survey has revealed.

Most SMEs (92%) now need to support remote working, but more than half of the 571 IT managers polled by security firm Sophos said they were most concerned about the related security risks.

More than a third said applying consistent security policies was a top challenge, 35% were concerned about managing remote devices and 30% saw data encryption as a challenge.

Wireless networks are also a concern, the survey found, with only 21% of respondents saying they were "very confident" that their wireless network is secured.

The research also found that, on average, firewalls were five years old, one in five respondents had suffered a network outage caused by malware in the past 12 months, and more than a third struggle with applying consistent security policies across all offices.

"Trends such as remote working, mobile and cloud are having a huge impact on the way SMEs think about protecting their networks," said Gerhard Eschelbeck, CTO at Sophos.

For SMEs, he said, it is critical that any network security solution has both the ease and simplicity of a one-size-fits-all approach, yet still addresses the specific vulnerabilities of each device or mode of working, as well as every access point on the network.

Cloud computing is seen by many SMEs as an area of potential security risks, with 44% of respondents saying the growing need to use cloud is a major concern.

Other security concerns include sophisticated threats (39%), managing mobile devices (39%) and data loss prevention (35%).

"Companies are re-evaluating how they tackle IT security. A fragmented approach is consistently leaving networks vulnerable to attack as new technologies, such as cloud, and new mobile devices require more advanced security architectures," said Eschelbeck.

For many SMEs, he said, it is time to take a comprehensive approach to security that ensures all elements of protection work together as they plan to make technology additions that will have a significant impact on the security infrastructure.

The survey revealed that 44% of respondents planned IT investments, including virtualisation (48%), cloud computing (44%), remote working (44%), and improvements in the wireless network (49%).

Most companies (70%) also planned to support these new technologies with further investment in security. "It is vital that this investment ensures the security fabric of the entire business is as robust as possible and able to support new and evolving technologies," said Eschelbeck.

While many SMEs know they need to do something to make their business data more secure, they often do not have the in-house expertise to know exactly what should be done, said Guy Hocking, operations director of IT support firm Utilize.

SMEs also tend to implement new technologies to cut costs, boost productivity and enable innovation, but without thinking through the security implications, he said.

Security, however, is not something SMEs can afford to neglect, particularly as it could be a differentiator, said Tracy Andrew, information security and compliance officer at law firm Field Fisher Waterhouse.

In a highly competitive market, SMEs could use security credentials as a way to give themselves a competitive edge where the main product or service is not that different from their rivals', he said.

To capitalise on SME security requirements highlighted by the survey, Sophos is focussing on developing multi-channel delivery mechanisms for highly integrated products that provide comprehensive data protection, yet remain easy to implement and use.

"We recognise that for the SME, security technology has to be simple and integrated," said Gunter Junk, regional vice president, Europe at Sophos.

A fragmented approach to security does not work in the face of broad, automated threats being created and used by organised criminals, he said.
