According to IDG survey data of 100 IT managers at US corporations of all sizes, 74 percent of respondents said their sites are “totally” or “very” secure, with another 15 percent deeming their sites “reasonably” secure. However, other answers provided about what these companies are actually doing to protect their sites show that their assessments of their own security are frequently off target.
For example, 33 percent of respondents said their organizations never conduct vulnerability scans or assessments of their websites, 11 percent don’t know whether or not their sites are secure, 59 percent don’t know if their sites are protected against brute force attacks, and only 38 percent said it is very likely their sites are protected against cross-site scripting, which report sponsor Symantec has identified as the most serious Website-based threat to corporate sites. This lackadaisical approach by many companies is even more serious considering that the average U.S. company experiences a corporate site breach about once every four years.
So how can MSPs fill in the gaps that plague so many organizations’ site security efforts? Here are a few suggestions, backed by more data from the IDG report.
While 83 percent of respondents at large organizations say their sites are totally or very secure, this figure drops to 72 percent of respondents at mid-sized organizations (1,000-4,999 employees) and 65 percent at small organizations (fewer than 1,000 employees). In addition, while 67 percent of large companies have tested for site security vulnerabilities in the past month and 53 percent repeat these tests every month, those figures respectively drop to 57 percent and 13 percent among mid-sized companies and 48 percent and 32 percent among small companies.
It is not too surprising that small companies feel less secure, or actually are less secure, in their website activities than larger companies. SMBs are an excellent market segment whose value is often overlooked by larger service providers, another good reason MSPs should consider targeting them.
While only 16 percent of respondents use automated remote scanning from an external provider to assess site security, they reported some of the highest levels of confidence in their security effectiveness. MSPs should look into providing automated scanning services and explain to clients how those who use them tend to feel the most confident in their site security.
Once Bitten, Twice Shy
Thirteen percent of respondents had been victimized by a site security breach in the past six months, and one in five companies can expect to have its site breached in any given year. As the saying goes, “Once bitten, twice shy,” and any company that has recently suffered a security lapse will be much more interested in investing in third-party security services. MSPs should keep track of which companies have recently experienced site security issues, both through media reports and through networking, and step in to offer help when it is needed.