The latest survey from security vendor McAfee has found that small to medium-size businesses wrongly conclude their revenue is too low to draw the attention of cybercriminals.
SMBs are in fact rich hunting ground for hackers, McAfee said. Although there may be less money or data to steal, the attacks are also less likely to gain the attention of law enforcement organizations such as the U.S. Federal Bureau of Investigation.
[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and , both from InfoWorld. ]
"Lots of small attacks add up to large amounts of revenue," according to the survey , which polled 500 companies in the U.S. and Canada. There are an estimated 7.4 million SMBs in North America.
McAfee's study this year focused on North America, whereas last year it surveyed 600 European SMBs. However, the conclusions of the two studies are similar. About 45 percent of North American businesses felt they did not have valuable data to steal. Last year, 58 percent of European businesses gave the same response.
In the U.S., 39 percent of businesses with up to 1,000 employees reported spending an hour or less a week on IT security. The figure is higher for Canadian businesses: 44 percent.
Part of the problem is that attention to security takes time, and SMBs have fewer resources. Many don't have an employee dedicated full-time to IT security. But McAfee argues that SMBs could face critical shutdowns in business as a result of weak security.
Every business retains employee data, which could be valuable, the survey said. Also, every business is hit with spam, which often is laden with malicious data-stealing programs.
McAfee said it expects hackers to increasingly go after VOIP (Voice over Internet Protocol) phone systems, virtual systems, as well as mobile devices. McAfee's advice: patch regularly, filter e-mail, and use antivirus software.