Norton: Steps to Bolster Security Against Cyber Threats
Businesses of all sizes are experiencing a dramatic rise in cyber threats, with small and medium-sized businesses (SMBs) — those with fewer than 500 employees — becoming increasingly frequent targets.
Attackers are zeroing in on SMBs because these organisations often lack the robust security resources available to larger enterprises.
Yet, even major corporations are not exempt from these threats.
High-profile companies such as Co-op, Harrods and M&S have recently brought attention to the critical importance of cybersecurity, each suffering significant cyber attacks.
In fact, M&S is still dealing with the aftermath of its April breach, with disruptions expected to continue into July.
Luis Corrons, Security Evangelist at Norton, part of Gen, references the latest data theft statistics from the Gen Q1/2025 Threat Report to illustrate why small businesses remain particularly at risk.
In this exclusive Q&A with Cyber Magazine, Luis identifies the most common security vulnerabilities and offers practical steps that organisations of any size can take to bolster their defences.
From increasing employee awareness to leveraging cost-effective security solutions, Luis provides essential advice for any business aiming to enhance its cybersecurity posture.
Please introduce yourself and your role
I'm Luis Corrons, Security Evangelist for Norton, part of Gen.
I work as part of Gen Threat Labs to monitor emerging threats, analyse attacker behaviour and help ensure that Norton’s security solutions, like our antivirus, VPN and identity protection tools are effectively protecting our users.
My role is focused on understanding the evolving threat landscape, supporting the development of our cybersecurity solutions and helping educate people about how to best protect themselves.
What are the most common vulnerabilities you see among small businesses and why do these persist despite growing awareness of cyber threats?
Small businesses get hit with attacks on both the individual level as well as the business level.
Among small businesses, we often see a worrying mix of outdated software, weak password hygiene and minimal cybersecurity training.
These issues persist for a few reasons. Many small businesses operate with constrained budgets and lack dedicated IT teams, leading to gaps in both security, strategy and execution.
There’s also a lingering perception that cybercriminals only target larger enterprises which often hold a greater volume and variety of valuable data.
In reality, attackers have been increasingly focusing on small businesses because their defences can be easier to bypass.
In some cases, small businesses are targeted not just for their own data, but as stepping stones into larger partners or clients, making them an even more attractive target.
The rise in automated attacks means it doesn’t cost much for criminals to cast a wide net, and small businesses often fall victim.
Awareness around cyber safety is rising, but without the tools and support to act on that knowledge, vulnerabilities remain.
Can you share some of Norton’s key stand-out facts from its latest report? Why are they important and what trends do they highlight?
The Q1/2025 Threat Report reveals a sharp rise in data breaches, with a 36% increase in incidents and a 186% surge in breached individual records, exposing sensitive information such as passwords, emails and credit card details.
While data breaches are often associated with large corporations, these figures show that smaller organisations are increasingly being targeted.
Cybercriminals are no longer focusing solely on big business. They are turning their attention to smaller companies, knowing they often have fewer resources and weaker security in place.
The impact can be just as severe, ranging from financial losses and operational disruption to lasting reputational damage.
This shift highlights the urgent need for all businesses to take cybersecurity seriously.
That means ensuring employees are aware of risks, keeping systems up to date and using strong security solutions that can detect and block threats effectively.
What practical first steps should small businesses take to strengthen their cyber defences, especially if there is a limited dedicated budget?
For small businesses with limited resources, focusing on the basics can make a big difference.
Start with multi-factor authentication for all critical systems which adds an extra layer of protection against compromised passwords.
Ensure all software, including operating systems and plugins, is kept up to date to avoid exploitation of known vulnerabilities.
Invest in a reputable cybersecurity suite like Norton Small Business that offers real-time threat protection.
Most importantly, educate your team.
As our threat data shows, breaches are on the rise and often begin with a single click.
Training staff to recognise suspicious emails or links is vital.
These foundational steps are low-cost but high impact, creating a significant improvement in overall security posture.
How significant is the role of employee cybersecurity awareness in preventing attacks? What effective training or policies have you seen make a measurable difference?
Employee awareness is essential.
Many cyberattacks, especially phishing, succeed not because of technical vulnerabilities but human error.
Regular training on identifying malicious emails, suspicious links and social engineering tactics is key.
But the most effective programmes go beyond awareness, they embed security as part of everyday workflow.
For instance, regular simulated phishing campaigns followed by quick feedback loops help teams stay sharp and reinforce good habits.
Clear guidance on how and where to report a threat can also reduce response time and limit damage.
It’s about building a culture where every employee sees themselves as part of the defence.
As cyber threats evolve and become more sophisticated, how can small businesses keep pace with new attack methods — such as phishing and ransomware — without the resources of larger enterprises?
The good news is that small businesses don’t have to build a cybersecurity team from scratch to stay protected.
Today’s security tools, including solutions like Norton Small Business, integrate threat intelligence and automation to help counter evolving attack techniques.
They offer essential protections such as real-time scanning and behaviour-based detection, all designed to reduce manual workload.
The key for SMBs is straightforward, cloud-based protection that’s scalable and easy to deploy without dedicated IT staff.
Beyond tools, staying informed is critical.
Free resources, threat reports and cybersecurity newsletters can help business owners understand emerging risks and adjust their defences accordingly.
Explore the latest edition of Cyber Magazine and be part of the conversation at our global conference series, Tech & AI LIVE and Cyber LIVE.
Discover all our upcoming events and secure your tickets today.
Cyber Magazine is a BizClik brand
