Mid-sized companies which try to cope with the economic downturn by cutting computer security budgets are risking losing more money as they open themselves up to cybercrime.

In a situation which will undoubtedly play out across the whole business scene, cutting back on IT security is a false economy, and say McAfee, is often justified by the companies thinking that the cybercriminal is only interested in larger companies. This say McAfee is the Security Paradox and is the title of a comprehensive research report on mid-sized companies and their approach to IT security.

The McAfee report shows that half of mid-size companies surveyed globally have seen more security incidents in the past year. Indeed, one mid-sized company alone lost $43,000 on average to security incidents. Yet the majority of these same companies are nevertheless reporting spending freezes on their IT security budgets.

But mid-sized companies mistakenly believe that cybercriminals will overlook them for bigger targets. The McAfee report showed that 43% of mid-sized companies questioned believed that companies with 501+ employees are most at risk for a security attack.

Whereas, in reality, on average companies with less than 500 employees actually suffer from more attacks.

Darrell Rodenbaugh, senior vice president of global midmarket for McAfee, said:
“An organization’s level of worry and awareness about increasing threats has not overcome the downward pressure on budgets and resources. But this creates a vicious cycle of breach and repair that costs far more than prevention. Our research shows that organizations that put more effort on preventing attacks can end up spending less than a third as much as those that allow themselves to be at risk.”

The McAfee report goes on to say that 65% of midi-size organisations surveyed worldwide spend less than four hours a week on IT security proactively, but nearly the same amount (67%) spend more than a day recovering from IT security attacks. The report also highlighted the varying approaches in countries across the world. Interestingly, the countries where companies invested the least time on prevention, Canada and France amongst them, suffered the greatest financial losses and downtime from cybercrime. And they required a week, or longer to recover from their most recent cyber-attack.

Other facts that the report also revealed include:

• in 2008, US mid-sized companies spent a total of $17.2 billion fixing IT security incidents;
• last year, on average, a single US mid-sized company spent more than $75,000 a year on IT security incidents;
• the mid-sized company has seen, on average, a 322% increase from 2008 to 2009 of average cyber-attacks;
• over half (56%) of mid-sized companies globally have seen more security incidents this year than last, and 29% suffered a security breach in the last year;
• in the past there years, of the mid-sized companies that have had security breaches, those with 101 to 500 people have had about 24 incidents compared to only 15 incidents for organizations with 501 to 1,000 employees.

Guest Article by Neil Camp

McAfee and Verizon Business have formed a global strategic alliance which has at its heart an ambition to provide integrated security solutions to businesses and government agencies worldwide.

Verizon Business, a unit of Verizon Communications, is one of the world’s largest providers of IT, communications, security and network solutions.

The alliance means that Verizon Business will offer McAfee’s entire line of enterprise security products and services. In return, McAfee will tap Verizon Business’ data center outsourcing and expert consulting and managed services capabilities. Working together on future projects, the two companies will jointly develop a suite of next-generation, cloud-based managed security services.

The basis of the agreement is to offer enhanced value to enterprise clients by providing comprehensive world-class security solutions and services, including new cloud-based offerings

Kerry Bailey, senior vice president of Verizon Business Global Solutions, said:
“This strategic agreement with McAfee enables us to drive even more complete and integrated IT solutions to enterprises across the world. Verizon Business will be able to expand and more fully touch every facet of enterprise security so that enterprises can confidently do business in this digital age. Our newly expanded and next-generation cloud capabilities will enable organizations to better use security as a strategic tool and business enabler.”

David Scholtz, senior vice president of worldwide strategic alliances at McAfee, said:
“This agreement underscores the importance of delivering comprehensive security solutions to meet the needs of business and government clients. The complexities of today’s threats and turbulent economic times call for agreements of this kind; where products from multiple providers are combined to help improve our customers’ investments and control their operational costs.”

The agreement between the two companies has several key components, including:

• Verizon Business will offer full complement of McAfee enterprise security solutions to its client base via Verizon’s customer premises equipment (CPE) catalog. The new security offerings broaden the choice of world-class security solutions available to the Verizon Business customer base. This will also help McAfee significantly expand its global distribution channel;
• from the autumn, Verizon Business will offer McAfee’s PCI (Payment Card Industry) compliance services to banks and other organizations that support merchants that handle fewer than 20,000 e-commerce transactions, or up to one million credit card transactions each per year;
• McAfee customers will have access to the Verizon Business network of 1,200 security professionals. This teams designs, implements and integrates holistic security solutions worldwide;
• McAfee and Verizon Business will together offer a comprehensive portfolio of managed security services (MSS) to enterprises;
• Verizon Business will provide comprehensive data center outsourcing services to McAfee and help it consolidate its data centers. This will enable McAfee to further improve the 24/7 management of its Web hosting operations and better position the company to deliver cloud-based solutions;
• the two companies will jointly develop and market a suite of next-generation, cloud-based managed security solutions.

Guest Article by Neil Camp