Small and midsize businesses (SMBs) today still do not have the urgency to keep pace with security threats, due to a lack of knowledge as well as limited resources, according to SonicWall executives.
Speaking Thursday at a media lunch, Ang Chye Hin, SonicWall's regional sales director for Southeast Asia, noted that compared to large enterprises, SMBs are not being educated enough on security issues and evolving threats. Smaller organizations, he added, are still rather "layman" in their security know-how.
In the current threat landscape, there are many ways companies' data can be compromised that SMBs are not aware of, Ang said, adding that there could be viruses and malware "sitting in PCs" without actually carrying out any attacks.
Jock Breitwieser, global public relations director of SonicWall, added that there are also malicious links whereby viruses are automatically downloaded even when though users don't actually click, but only hover, on them.
In a follow-up interview with ZDNet Asia, he also pointed out that most SMBs still did not understand the different types of threats such as malware and spam, and assume that simply signing up and paying for an antivirus tool or firewall would protect them from threats.
Elaborating, Ang said: "[SMBs] have a lack of awareness and misrepresentations about security. Solutions and applications alone will not protect them from threats."
According to him, most SMBs have little time to understand security risks, as they are too busy trying to build up their business. To that end, security is not their priority but "one of the many issues" they have to attend to, he said.
At the same time, most SMBs are reluctant to talk about the security challenges they face, Ang observed.
Breitwieser noted that while security breaches of large enterprises have been reported in the news, attacks on SMBs typically do not make the headlines and yet smaller companies that suffer breaches do end up losing revenue and may even wind up faster.
Due to budget constraints, SMBs possess fewer resources than large enterprises, Ang added. However, most SMBs work with service providers that provide a bundled offering with multi-function devices, he noted.
"Since most SMBs have lesser resources, they should make sure they find the right service provider," he said. "They simply need to do this once and continuously monitor after which."
When it comes to security, SMBs need to look into it seriously, on an ongoing basis" as they "never know the day [they] will be affected", Ang advised.
Ang also urged SMBs to brush up on their network security, especially in the areas of endpoint, antispam mechanisms and remote access.
"SMBs should take stock of what they have," he said. "Network security is dynamic and requires a holistic [approach]."