Small- and medium-sized businesses (SMBs) typically have fewer resources and expertise around cybersecurity than larger enterprises. However, in many ways, they face similar, if not, higher risks. For example, Symantec’s research[i] shows that users in small organizations (<250 users) receive malicious emails twice as often as larger enterprises.
Second, we see cybercriminals doing extensive research when orchestrating attacks against SMBs, often seeking to infiltrate smaller organizations within the supply chain to reach larger organizations. Or, they seek out smaller companies simply because they are perceived as easier targets.
Strengthen barriers at entry points for enhanced security
While cybersecurity is complex, there are some critical foundations that need to be covered. The diagram below shows that for all organizations that seek to both keep themselves safe from cyber threats and to protect valuable data, there are some key focus areas.
To guard against threats and to safeguard data, protecting endpoints and email is critical. Why? Let’s start with endpoints (computers, mobile devices and servers): They are the prime way users interact with digital information and systems, and the last line of defense against attacks. Users store all manner of sensitive information on their endpoints, and, in some cases, they may not even be aware of the scale of this (for example, where cloud applications synch data silently to an end user’s device).
Email, on the other hand, is a critical business application, and also the number-one threat delivery mechanism encompassing social engineering attacks, phishing, advanced threats (such as ransomware) and data loss. As email security systems have responded to advanced attacks, cyber criminals are now directing users to short-lived websites to serve malware or phishing attacks before the websites become blocked. There is therefore a need for organizations to help users safely navigate to such websites.
3 key areas of focus for improved security
Let’s look a bit closer at three particular issues—business email compromise, suspicious web links and data protection. Business Email Compromise (BEC) is a significant problem. In fact, the FBI[ii] reported $12.5B in losses by July 2018, and the scale is growing significantly. Symantec’s email security includes a number of email authentication techniques to spot spoofing attacks and includes a Business Email Scam Analyzer engine to detect such fraudulent email based on behavioral patterns.
When it comes to suspicious web links, Symantec is the first vendor to incorporate website isolation technology to an email security platform. With a single click, Email Threat Isolation technology is enabled. Symantec’s threat intelligence network determines the level of risk associated with every website and how to best allow the user to access that site (allow, block or isolate).
The third issue, of email data loss, is also solved by Symantec. Email content and attachments can be encrypted by policy, ensuring that content leaving the organization is fully protected.
Provide effective protection for SMBs with top solutions
Combining endpoint, email and isolation technology creates a powerful combination of protection against threats and data loss. The solutions recommended in this article are cloud-managed and simple to use, making them ideal for organizations that have limited security expertise and resources. However, this simplicity does not impact their effectiveness—Symantec’s endpoint and email capabilities are widely recognized as industry-leading solutions.
To learn more about Endpoint Protection Cloud and Email Security Services offered by Symantec, visit Ingram Micro’s Cloud Marketplace.
[i] Symantec Internet Security Threat Report vol 24 (February 2019)