SMEs must be wary of security vendor hype, says Norton VP

• Cost an inhibiting factor, SMEs can’t afford to fall for marketing buzz
• Enterprises less willing to work with SMEs with weak security

SMALL and medium enterprises (SMEs) are becoming more interested in protecting their information and organisation. However, as security vendors make their marketing push into Asia, with buzzwords galore, SMEs are feeling the pressure to just buy from the vendor that makes the threat sound the most dangerous.
 
This practice of just getting the best technology money can buy is something SMEs cannot sustain, according to Gavin Lowth (pic above), vice president of Symantec Corp’s Norton consumer and small business for Asia Pacific and Japan.
 
“I encourage new technology, but I think SMEs need to be aware of the marketing spin,” he told Digital News Asia (DNA) in Singapore recently.
 
This awareness will serve SMEs well in considering options in security technology, allowing them to be more cost-effective when it comes to protecting themselves.
 
Lowth argued that SMEs are extremely nimble in dealing with issues, instituting change, or adopting new technology – however, that nimbleness comes at a price as they struggle to garner enough resources to deal with security threats.
 
SMEs make up about 96% of the enterprises in Asean (the Association of South-East Asian Nations), making them ripe targets for cyber-attacks now.
 
“SMEs are quick to adopt new technology,” he said. “But they have no resources in terms of their responses to cyber-attacks.”
 
Such businesses face a bigger challenge than enterprises when it comes to spending on their IT operations, lacking the big budgets or economies of scale that enterprises can harness.
 
“The cost issue to SMEs is a challenge when they want to look at security,” Lowth said. “Keeping up with technology requires big budgets, something which SMEs don’t have.”
 
Thus, SMEs look for smarter ways to adopt technology at lower costs.
 
“When something does happen, SMEs are smarter in tech adoption,” Lowth said. “The question of technology with SMEs is not ‘if’ but ‘when’.”
 
Still, when it comes to mobile security, SMEs appear to be slower on the uptake than enterprises.
 
SMEs were still only concerned about security for their computers up to 18 months ago, according to Lowth. Now, however, they are becoming more aware of the need to secure their mobile devices.
 
“We’re starting to see an uptake in security for mobile devices – there’s also been a huge uptake of multi-device licences as well,” he said.
 
The importance of info
 
Beyond awareness about the marketing buzz surrounding security products, SMEs also need to understand the importance of information, said Lowth.
 
“Regardless of the threat, you have to protect where the information is of the highest value – regardless whether the information is hosted internally or externally,” he said.
 
Data is growing more important than ever, with 72% of businesses that suffer a major data loss having shut down within 24 months, according to security firm Imprima.
 
SMEs also have to come to terms that implementing a blanket security layer will not secure their networks adequately. “You can’t have a blanket security solution for everything,” Lowth said.
 
Security now has to be all-encompassing, tweaked specially for each component, from the endpoints to the network itself, he argued.
 
“We always tell SMEs that they need multi-layer protection, from intrusion prevention to monitoring the network,” he said.
 
Lowth described a blanket security layer as locking the doors but leaving the windows open – that is, such protective measures merely reroute attackers who will enter via other avenues.
 
Enterprises often work with SMEs, allowing them access to their networks. These SMEs are considered one of the weakest links in security for enterprises, as the IT policies that govern the enterprises are not as closely adhered to by the SMEs.
 
“SMEs lack the same resources as enterprises in securing their network,” Lowth said. “However, they still need to secure their networks or enterprises will be less willing to work with them.”
 
Related Stories:
 
BYOD security: Singaporean SME staff left to their own devices
 
Cybersecurity is about people too: FortiGuard strategist
 
Alpha7 kicks off ‘COO-as-a-Service’ offering for SMEs
 
Made-in-Malaysia platform out to solve the SME tech dilemma
 
                                                                                                                             
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.