Security channel faces challenges educating SME customer base

Firms of all sizes are the targets of cyber criminals and the channel needs to challenge the current levels of unpreparedness and step up the education they deliver to counter user complacency.

Large enterprises such as Travelex might get the headlines and give smaller firms a false sense that they are not targets, but research from Kaspersky and Sophos has found that resellers have plenty of work to do in educating SME customers about the need to improve their data protection.

Kaspersky revealed that 47% of UK businesses expected to be attacked at some point in the next two years. The security vendor went out to quiz those in charge of security and found that 65% were prepared to admit that their organisations were complacent about protecting customer data.

That left users in various states of vulnerability with the risks that they could be breached higher than they should be. The costs of a problem were not just financial, but would also include longer-term brand damage that would be a major problem for SMEs.

“Being complacent with cyber security, and customer data, can be incredibly costly,” said David Emm, principal security researcher at Kaspersky. “Along with losing sensitive information, a data breach affects business revenues, customer confidence and reputations.”

The vendor also found that more than half of those it surveyed did not have a cyber security policy in place. That ratio increased to 71% in mid-sized firms.

“There have been many examples in recent years of household brands suffering data breaches, showing that even the most renowned businesses are at risk. For many organisations, the ramifications of a breach could be irreversible. This is why we urge businesses and organisations of all sizes to adopt robust cyber security policies, taking expertise where needed to ensure they have the best preventative measures in place,” added Emm.

Sophos has also issued research, Securing growth, that underlines the dangers that SMEs face from cyber attacks, with it now being seen by many customers in that segment as their biggest concern.

Despite that, a portion (22%) admitted that they failed to tell resellers that were covering their security needs when they rolled out new services, including cloud apps or fresh devices connecting to the corporate network.

SMEs were also likely to be using consumer tools, rather than business-grade protection, to protect the network, and young firms were also very open with letting staff and contractors hook up their own devices.

“Our research findings challenge a few widely held assumptions often made about SMEs and their attitudes towards cyber security. It is inaccurate to say that smaller businesses are not as concerned about cyber threats as their larger counterparts, or that an organisation’s cyber risk profile can be defined simply by its number of employees,” said Adam Bradley, regional vice-president for the UK, Ireland and Nordics at Sophos.

“In fact, our research suggests that the biggest risk differentiator is years of operation, and that smaller firms do worry about cyber threats – it’s just that this doesn’t always translate into secure behaviour. Organisations, whatever their size, age or sector, need advanced security solutions that can adapt and evolve along with the business,” he added.