Survey: 70 Percent Of Small/Medium-Sized Enterprises At Risk Of Network Security Breach -- Security Today

Survey: 70 Percent Of Small/Medium-Sized Enterprises At Risk Of Network Security Breach

Dec 04, 2008

Napera Networks recently issued the results of an online Network Test that asked 200 small and medium-sized enterprises a series of questions to determine if the corporate networks of the companies are secure and protected from potential threats.

The results are in, and the answer is overwhelmingly "no", with more than half reporting they either do not have the policies, practices and solutions needed or are not able to enforce security policies and are at risk of having their network or data compromised.

The primary security issues revealed from the test were: computers not kept up to date, Wi-Fi security and encryption practices, unknown threats from mobile workers and laptops, an increased need to provide guest access, and an overall lack of policy governing endpoint security. The inability of companies to deal with these issues led to 70 percent of the respondents receiving scores showing medium to high security risks to their networks.

Key statistics and trends revealed from this study include:

57 percent of IT managers are not confident that their organization knows the state of every endpoint that connects to their network.
More than 50 percent of companies are using shared passwords or no encryption at all on Wi-Fi access points.
Only 29 percent of companies check to make sure computers up to date and patched before allowing traveling or remote employees to access the network when they return to the office.
More than 50 percent of companies surveyed have guests accessing the network every day, with 20 percent allowing non-employees to plug directly into the network without security check or controls.
31 percent of companies do not know the identity of every user on their network.

"This data highlights why so many companies are struggling to control security on their networks despite having invested heavily in traditional security solutions,” said Todd Hooper, CEO of Napera Networks. “Many of the respondents do not have the right policies in place to secure their networks from today's most common threats, and those that do have policies generally lack a way to monitor and enforce them. The genesis for starting Napera was talking to IT managers who described exactly this set of conditions, which inspired us to create a line of products to help SMEs take control of their networks and create a more secure environment."

Taking advantage of vulnerabilities in the operating system remains a popular threat; however, many users are not taking the time to download updates to protect their systems from attacks, thereby putting corporate data and the network at risk.

More than half of the respondents admitted that computers on the network do not have the needed updates to the OS or required it based on internal security policy but had no way of knowing whether the computers actually were being updated. While the majority believed all laptops had updated anti-malware solutions activated, a large percentage did not have them activated or have no way of checking to see if they are actually enabled or updated. Setting the policies is an important step, but it is critical that there is a means to validate that users' laptops are up to date before they gain access to network resources.

Many companies still do not have set policies or a secure way to manage or control guest access to the Internet, even though customers, contractors or other partners often need access for business purposes.

When asked what companies do when a guest needs Internet access while at their office, 20 percent allowed them to connect to the network directly without any security checks, exposing their networks to potential threats from unknown laptops/computers. In addition, 16 percent of companies allowed guests to connect to their printers to print documents, also without security or set policies in place, providing another channel for potential security threats.

During times of economic downturn, outsourcing is more prevalent for all businesses, making the requirement to provide secure guest access critical to productivity. However, companies should not sacrifice security in order to gain the benefit of using contractors.

Wireless network security represented one of the highest risk categories. While 80 percent had active Wi-Fi access points in their networks, only 26 percent were using WPA Enterprise with individual passwords, which provides the greatest level of security.

Nearly half, or 46 percent, used a single, shared password for wireless access, with an additional 6 percent using no encryption at all, leaving their wireless access point open for anyone to access. While a shared password with WEP or WPA-based wireless access points is the standard in residential applications, deploying shared passwords in a commercial environment poses a clear threat to a company's network and data. In a recent report, Gartner security analysts addressed increased risks to WPA-based access points, including threats posed by hackers that have targeted and cracked the Temporary Key Integrity Protocol (TKIP) in WPA, and recommend shifting wireless access points to WPA Enterprise.

Mobile working has become the norm for the majority of SMEs as many employees travel for work, take laptops home at night, or telework part of the week. Almost half of respondents indicated their workforce is mobile. When asked what companies let employees do with these laptops when traveling or remote employees return to the office, two-thirds of respondents do not check mobile users or computers for compliance before they connect to the corporate network, bringing unknown threats with them. The need to accommodate a growing mobile workforce is apparent, as is the need to ensure that these mobile users do not compromise a company's network.

In spite of security solutions in place, many organizations are still not sure whether computers accessing the network are really secure. Fifty-seven percent of respondents indicated they are only somewhat confident or not confident in the state of every endpoint that connects to their network, while 42 percent said their company does not have a clear security policy governing endpoint security.

For example, a personal firewall is a basic security technology on all computers, but there are many companies still not requiring this or enforcing users to turn the firewall on, and many users will turn this off in spite of policies requiring it. While 50 percent of respondents indicated they are confident that every laptop connected to their network has a personal firewall enabled, 29 percent said they were not confident, and 21 percent said they require it, but don't know if all computers are enabled. Without a means to monitor that every endpoint is secure, companies face a number of potential threats that officials may not even know how to protect against.

DSI Security Officers Prevented Mass Shooting, Shielded Fellow Officer Amid Gunfire
05/09/2025
Genetec, SaferWatch Bring Real-Time Vehicle Intelligence to Public Safety Agencies
05/08/2025
ZBeta Strengthens Its Advisory Bench with New Appointment
05/05/2025
Security Trends Reshaping Enterprise Resilience Into 2027
05/05/2025
Amerant Bank Selects Omnilert AI Technology for Enhanced Video Surveillance Security
05/02/2025
Minnesota County Is Still Reaping Huge Benefits from ASAP Service
05/01/2025
Winsted Unveils Pinnacle Collection with Sliding Worksurface
04/30/2025
Everon Awarded Sourcewell Cooperative Purchasing Contract
04/30/2025

Featured

TSA Begins REAL ID Full Enforcement Today

Today, the Transportation Security Administration (TSA) announced the imminent implementation of its REAL ID enforcement measures at TSA checkpoints nationwide. Read Now
Body-Worn Cameras on the Rise

On the evening of Oct. 29, 2024, the owner of 300 Guard based in Houston, was shot while on duty at a convenience store. He returned fire. He was wearing a plated vest and thankfully recovered in the hospital. Read Now
- Government
Brazil Port Enhances Surveillance and Supports Wildlife Conservation with Sustainable Technology

Ferroport, which operates the iron ore terminal at the Port of Açu in São João da Barra, Rio de Janeiro, Brazil, has deployed state-of-the-art video surveillance cameras from Axis Communications to enhance nighttime security and visibility, while decreasing environmental impact and prioritizing sustainability. With cutting-edge technology, the port now has precise surveillance cameras that capture high-quality nighttime images, while reducing the amount of artificial lighting that negatively impacts the surrounding ecosystem. Read Now
- Government
Fast-Forward from 1,000 B.C.E. to Today

The lock and key have been around since time immemorial. In fact, the locksmith profession is one of the oldest in the world when you consider the earliest wooden tumbler lock debuted three-plus millennia ago. Read Now
- Access Control
Verizon’s 2025 Data Breach Investigations Report Notes Alarming Cyberattack Surge Through Third Parties

Verizon Business recently released its 2025 Data Breach Investigations Report (DBIR), which reveals a significant increase in cyberattacks. The report found that third-party involvement in breaches has doubled to 30%, and exploitation of vulnerabilities has surged by 34%, creating a concerning threat landscape for businesses globally. Read Now
- Cybersecurity

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

ResponderLink

Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.
PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.
Connect ONE®

Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.