A lack of threat awareness is not the problem. The study shows that almost all businesses in this category have installed anti-virus programs and kept security systems up to date, but a large number of SMBs still become victims of cyber crimes. When disaster strikes, viruses (41%) followed by spyware (26%) are most often the cause.

In a conversation with SC Magazine, Luis Corrons, PandaLabs technical director suggested, “these companies often lack the in-house staff and resources to fight off increasingly sophisticated and exponentially more targeted Internet attacks.”

The study’s results support Mr. Corrons claim that SMBs are not or able (or willing) to allocate the appropriate resources to close vulnerabilities and properly secure their environment.

• 52% of survey respondents have no web filtering solution
• 39% are untrained/unaware of IT threats
• 29% have no anti-spam solution
• 22% are without anti-spyware technology
• 16% do not have a firewall

So what should small and medium size business owners do?

Network vulnerability scans provide extremely high value. A thorough scan of your website(s), database(s), and application(s) can identify disasters waiting to happen. With a starting pricepoint around $100 each, vulnerability scans provide SMBs an affordable way to identify open ports, SQL injections, cross-site scripting (XSS) attempts, holes in JavaScript and web forms, and much more.

SQL Injections are the number one vulnerability exploited by hackers, by far. According to security vendor Sophos, 16,000 new websites are hit by the attacks every day. WordPress, Joomla, Drupal, .NET, classic ASP, PHPBB websites have all been hit with SQL Injections. Do NOT roll the dice on this one! Every web site big or small is vulnerable to injection by automated scripts attempting SQL-Injections through your webforms, dynamic URLs, etc.

This video from Graham Cluley of Sophos discusses the impact of a SQL Injection that hit BusinessWeek.

What can you do NOW to help secure your website?

1. Ensure all logins use strong passwords
2. Employ web form validation and/or CAPTCHA
3. If you’re using a CMS or website platform, ensure it’s up-to-date (including all plug-ins)
4. Ensure all components are current (ASPupload, etc)
5. Use static URLs instead of dynamic URLs

FireHost takes SQL Injection protection to the next level by:

1. Analyzing your website and web applications to assess the potential for SQL Injections and other hacking vulnerabilities
2. Protecting your website using our secure and transparent Web Application Firewall
3. Monitoring your website for new vulnerabilities