|Issue:||Latin America I 2003|
|Topic:||IT Network Security for Small and Medium Businesses|
|Author:||Herbert A. Molina|
Herbert Arturo Molina graduated in industrial Engineering from the National University of Engineering (UNI) in Lima, Peru. Institution, which was founded in the late 1800’s following the strict academic guidelines from the Massachusetts Institute of Technology (MIT) in Cambridge, MA in the US. Molina holds an MBA with a major in International Business from Texas A&M University.Herbert Molina has over 20 years of sales management and marketing experience having worked based out Peru, US, and Brazil most of them dedicated to the transfer of technology to Latin America and Europe. Molina has worked for companies such as Price Waterhouse Coopers in Lima, Peru and Scovill, RobertShaw Controls, Unisys, Wang, Computer Associates, Seagate, Mcafee/Network Associates and currently at Sybari Software where Molina joined in mid 2001 with the task to create and implement Sybari’s South Florida, Caribbean and Latin American Operations based out Plantation, Florida. Under Molina’s tenure at McAfee, offices were opened in Mexico, Colombia, Plantation and Brazil where Herbert Molina was instrumental to acquire McAfee’s Distributor business based out of Sao Paulo operation, which had at that time more than 50 employees. Under Molina’s regime sales of Antivirus, Protocol Analyzers, CRM, Firewalls and Encryption solutions grew from 2.0 Million US to over 37.0 Million in 4 years.
In Latin America, few SMBs have adopted effective Internet security measures. Information technology providers are just beginning to realize the importance of the SMB marketplace and its needs. They have a responsibility to educate and protect these “locomotives” of the local economies by positioning their technology where it can do the most good. The propagation speed of malicious virus attacks doubles every six months. The Melissa virus took four hours to infect the Internet in 1999, today, it would take minutes.
In spite of tight IT (information technology) budgets, spending on network security policies seems to have been climbing for the last 4 years on a worldwide basis. However, many Small to Medium Enterprises (SMEs) still do not seem to be getting the message or understanding the need to start protecting their networks against outbreaks of virus attacks. In the Latin American Region, on average, only 25% of the total number of existing SMBs has begun to adopt some sort of security policy. Their average spending for this sort of protection fluctuates between US$ 6,000 US and US$ 12,000, annually. This amount, of course, includes the cost associated with the professional personnel needed to manage and support, on a part time basis, the use of the chosen Anti-Virus and Firewall solutions and devices. For the purpose of this article, a Small to Medium Enterprises (SME) in Latin America would be defined as any organization doing legitimate business, which employs an average of 10 to 15 people, has at least one server installed, has been in business for at least 5 years and, of course, is connected to the Internet. Contrary to what occurs in Latin America, in the US and Europe more than 50% of the existing SMBs are planning to increase their IT budgets to add more security during 2003 and 2004, while at least 30% have decided to keep their IT budgets flat – as they did in 2001 and 2002. In general, according to recent IT surveys conducted throughout the US, Europe and Latin America, SME executives hope, or would like, to increase their IT network security, performance and budgets. The great majority of them, though, do not have any idea about how much it might cost and how complicated it might be, to go through a network security and performance upgrade exercise. Many SME executives see their companies far from being secure fortresses. Indeed, most of them are rather like small airports that permit a steady flow of information to fly into and out of their networks, exposed and highly vulnerable to all sorts of danger. It is a fact of life that many large or medium size information technology providers tend to focus only on servicing global customers or work only with multinational channel companies. Latin America is not an exception to this rule. However, as the globalization process continues, many technology providers have begun to realize the great importance of working and cultivating the SME marketplace by making sure that these clients get the latest technology transferred to them and a series of value added services as well. What information technology providers have been discovering is that it is very lucrative indeed. SMBs are rapidly becoming a very significant portion of their revenues in the Latin American region. In such countries as Mexico, Brazil, Colombia, Chile and Peru, SMBs generate at least 50% of all jobs and 50% of the annual purchasing power, across the board, for the IT marketplace. SMEs operate in a diverse spectrum of vertical marketplaces such as healthcare, distribution, commercial services, education, financial, legal and education. A market study conducted by Select in Mexico City, shows that close to 94% of all companies operating in Mexico are SMEs. Together they contribute almost 52% of the country’s total annual revenue. A very similar situation is found in Brazil. This business phenomenon began in some of the region’s countries, in the mid 80’s. At the time the majority of business or commercial transactions were conducted by mail, fax, telephone or personal visits. Concepts like Internet or Internet security were futuristic concepts found only in certain specialized books about IT written for professionals working in the computer field. Later, the concept of EDI (electronic data interchange) was introduced to improve transaction efficiency and productivity. The trade-off, however, was expensive due to the high cost integration and implementation. Of course, any progress and any benefits to be found using this new, leading edge technology accrued only to companies with large IT resources and budgets. By the early 90’s the concept of secure transactions gained attention in some quarters as a potential threat or concern. At this point, security became a concern for those SMEs in the US and in Europe that needed to integrate their networks with those of their suppliers or with the on-line systems of the financial institutions with which they maintained relations. In 1993 or 1994, certain Mexican companies adopted this new technology, and I personally remember the complex nature of the business model it called for. Next, around 1995 the Internet arrived in Latin America with all of its adrenaline. With the Internet came concepts such as encryption, authentication, digital certificates, intrusion detection, help desks, protocol analysis, and many, many, others which – at that time – sounded like futuristic terms extracted from some Sci-Fi, Star Wars-like novel. Early adopters, mainly large enterprises, but some SMEs as well, benefited from the implementation of these new technological concepts. Why? Because it was necessary to protect themselves against malicious attacks initiated by virus writers, hackers or crackers who were having “fun” by hurting or destroying companies, institutions or individuals. These “fun seekers” were equal opportunity destroyers; they did not care at all if the targeted victims were for profit, non-profit, charitable or even governmental organizations. It has been recently shown, that the propagation speed of malicious virus outbreaks doubles every six months. If a virus such as Melissa took four hours to infect the Internet in 1999, today, it would take just minutes to do the same job. Large enterprises worldwide are implementing state of the art IT networks, and adopting security policies and procedures to protect themselves, in response to the growth of businesses in various fields, done on the Internet. SMEs need to follow suit, travel the same technological path as the bigger organizations, and increase the performance of their networks, become more cost efficient and be more competitive. SMEs in Latin America, once again, are no exception to this rule. This seems especially true when we consider that the globalization process, B2C, B2B and B2E continue to grow in volume and revenue throughout the region. In Brazil, for example, when the privatization of the Telebrás, (the state control holding company for the country’s telephone operating companies), begun in 1998 there were only 4 million sets of cellular telephones in active use. It has been estimated that by December 2002 there were more than 30 million cell phones in use. It also has been estimated that, by the end of 2003 under normal conditions, electronic commerce in the region should total as much as 10 to US$ 12 billion. Brazil and Mexico alone will account for 70% of that December 2003 volume. Without a doubt, SME companies are already among the biggest users of cell phones and will generate a substantial portion of the region’s e-commerce revenues. SMEs have been constantly facing, and will continue to face, new challenges in Latin America. They suffer from a chronic lack of financial resources to allow them to grow. This lack of resources makes it difficult, as well, for them to educate and train their work force about the importance of securing transactions and IT networks against viral attacks. The senior managers at every SME need to understand the problem and embrace those solutions that will reduce their vulnerability to cyber attacks, to cyber terrorism. During 2002, the average annual billings of SMEs in Mexico and Brazil fluctuated between US$ 80,000 to US$ 100,000. Individually, these companies may not be giants, but collectively they are the driving force of many local economies. The technology providers in the Latin America marketplace, especially those dealing with IT network security technology have a huge responsibility to educate and protect these vital “locomotives” of the local economies by transferring, training and positioning their technology where it can do the most good. Suppliers have a special responsibility to the companies they work with and the market they supply to facilitate SME access to protective technologies and place special emphasis upon the education of SME workers to meet cyber threats. This should be considered an essential part of the value-added services that SMEs are provided with by any vendor, be it directly or through any of its “country” channel partners. In the event that an SME does not have the resources to implement sound in-house IT security policies and procedures, they might consider hiring outside help or turning to an outsourcer. There are many small, technically capable companies in the region that provide such services. One would hope, that in the future, when a destructive, fast, virus such as Melissa, Red Code, Numbed, Kales or SO Slammer strikes, IT networks worldwide through the Internet, companies large and small alike will be able to resist and not be vulnerable to damage. Security threats are here to stay. Any enterprise using the Internet to do business domestically or internationally, and especially SMEs, needs to adopt a proactive approach to IT Network Security and be constantly prepared to meet the threats of cyber terrorists.