For many businesses, security is becoming an increasingly vital part of keeping their operations running smoothly. But for smaller enterprises, it can be tricky to balance out the need to post a profit against extensive spending on defences that may hopefully never be noticed.
Speaking to ITProPortal at the recent IP Expo event in London, Sophos senior security researcher James Lyne said that the recent spate of hugely public data breaches affecting major companies has brought security into the limelight more than ever before - but that this means the security industry is also under greater scrutiny than ever.
“What concerns me isn't raising the awareness of breaches, or mistakes,” he said, “it's the sheer number of them, in succession, with very identical and advice for consumers and small businesses.”
“SMBs, as well as consumers, are more exposed than ever to what they hear. I think we're in a place of disillusionment, where there's so many of those breaches (and) they're powerless to do anything about it.”
Following recent reports that many SMBs are putting their very livelihoods at risk by not carrying out proper security precautions, Lyne noted that it can be hugely challenging for smaller companies, without the dedicated security teams that many larger companies can boast, to focus on online security.
Security can also often be a major part of the IT budget at an SMB, he noted, not just in terms of ensuring you have bought the right software package, but also in recruiting suitably qualified employees, whether internal or external, to ensure everything is running smoothly. Sophos has recently released a host of security solutions aimed at SMBs, allowing them to stay focused on the right priorities whilst keeping them safe online.
“If you're a small business, protecting yourself with a modern approach to security, rather than 'I've got some AV and do some patching', will massively impact your probability of being breached,” says Lyne.
“Making it easy and simple for businesses to run has to be the focus of the next few years - it has to be.”
But with cybersecurity rising to the top of many businesses' must-do lists, Lyne added that the cybersecurity industry itself needs to take up the mantle of education and raising awareness.
The security industry is now “talking outside the echo chamber”, Lyne says, meaning that the onus is on vendors and the media alike to ensure that companies are getting the right information and education they need to stay safe.
“There's a distance between '(security) is hot and it's interesting', and being the communicators that are getting the public to understand that stuff,” he says.
“We have a real duty of care to go back to these old ideas, validate that they're still the case or not, challenge them, and make sure we're giving the right, and accurate, advice... but there's still a distance to go.”