Sophos: Security Vendors Failing SMBs

Sophos says the industry should get better at improving security amongst SMBs

Big IT suppliers are not doing enough to educate SMBs on the need for, and application of, adequate data security, according to UK vendor Sophos.

During a roundtable event this morning, product specialist at Sophos Chris Pace said major vendors were not focusing on making products usable or simple enough for SMBs, nor were they educating the market effectively, as they focused too heavily on larger enterprises.

His comments came as research commissioned by Sophos showed how remote working is causing many SMBs security headaches. Over half of IT managers surveyed said they were concerned about security risks from remote working, with 75 percent saying support for it was an issue too.

SMBs are also operating old technologies to defend against malicious activity, with 34 percent admitting their network firewall was at least five years old.

Ignored by the big shots?

“SMBs aren’t just being ignored by government, but by the vendors supplying to them,” Pace said. SMBs need better education and less complex products, so employees don’t put corporate data at risk, he added.

“Every person should be able to say ‘when I do this, I know it is secure’,” added Tracy Andrew, information security and compliance officer at law firm Field Fisher Waterhouse – a Sophos customer.

Unfortunately for SMBs, they will get hit harder than larger organisations when a security incident occurs, according to Canon Europe’s director of information security, Quentyn Taylor. “Large organisations have the mechanisms to deal with problems in place, but SMBs don’t have them. Little problems for them are far more serious,” Taylor added.

Sophos had a subtle gibe at other vendors’ acquisition strategies too. “There is a difference in acquiring for revenue and acquiring for the portfolio,” Pace said, pointing to Dell’s purchase of SonicWALL as an example of how some vendors choose to buy product sets for profit, rather than looking at how to effectively integrate them with their own portfolios. Sophos goes down the latter route, saying it has bought companies like network security provider Astaro to hook up to other parts of its product line-up, according to Pace.

How do you like them Apples?

The roundtable also highlighted issues in working with consumer hardware and software makers, especially with the dawn of BYOD. The company’s network security specialist Antony Gibson said two years ago Sophos approached Apple to talk about building security into the iPhone maker’s products, only to be told “we don’t build them for that.” Gibson said Sophos was “banging on the door” of Apple but to no avail.

“I don’t think it is good enough from those vendors,” Gibson said.

At the InfoSecurity 2012 conference in April, Kaspersky CEO Eugene Kaspersky had some harsh words for Apple, saying the company “did not recognise there is a problem” of security. Kaspersky said he had similar problems with Apple in not being able to convince it to allow more security products to run on iOS.

“For security companies it is not possible to change Apple’s mind because they have their strategy, their way. I think they will follow this way until something really bad happens,” he added.
