Norton: How Firms Can Fight Against Surging Data Breaches
Businesses regardless of size are facing an unprecedented surge in cyber threats, but SMBs — small and medium-sized businesses with fewer than 500 employees — are increasingly under fire.
This is because attackers are targeting those that may lack the resources of larger enterprises.
However, larger enterprises are not immune from these malicious actors.
Big names like Co-op, Harrods and M&S have shone a spotlight on the importance of cybersecurity after all suffering devastating cyber attacks — the latter of which is expected to see disruption carry on into July following its breach in April.
Luis Corrons, Security Evangelist at Norton, part of Gen, draws on the latest data theft stats in the Gen Q1/2025 Threat Report to explain why small businesses remain vulnerable.
In this exclusive Q&A with Technology Magazine, he highlights the most common security gaps and shares actionable steps to help firms — regardless of size — strengthen their defences.
From employee awareness to affordable security tools, Luis shares essential guidance for any business looking to stay protected.
Please introduce yourself and your role
I'm Luis Corrons, Security Evangelist for Norton, part of Gen.
I work as part of Gen Threat Labs to monitor emerging threats, analyse attacker behaviour and help ensure that Norton’s security solutions, like our antivirus, VPN and identity protection tools are effectively protecting our users.
My role is focused on understanding the evolving threat landscape, supporting the development of our cybersecurity solutions and helping educate people about how to best protect themselves.
What are the most common vulnerabilities you see among small businesses and why do these persist despite growing awareness of cyber threats?
Small businesses get hit with attacks on both the individual level as well as the business level.
Among small businesses, we often see a worrying mix of outdated software, weak password hygiene and minimal cybersecurity training.
These issues persist for a few reasons. Many small businesses operate with constrained budgets and lack dedicated IT teams, leading to gaps in both security, strategy and execution.
Thereās also a lingering perception that cybercriminals only target larger enterprises which often hold a greater volume and variety of valuable data.
In reality, attackers have been increasingly focusing on small businesses because their defences can be easier to bypass.
In some cases, small businesses are targeted not just for their own data, but as stepping stones into larger partners or clients, making them an even more attractive target.
The rise in automated attacks means it doesnāt cost much for criminals to cast a wide net, and small businesses often fall victim.
Awareness around cyber safety is rising, but without the tools and support to act on that knowledge, vulnerabilities remain.
Can you share some of Nortonās key stand-out facts from its latest report? Why are they important and what trends do they highlight?
The Q1/2025 Threat Report reveals a sharp rise in data breaches, with a 36% increase in incidents and a 186% surge in breached individual records, exposing sensitive information such as passwords, emails and credit card details.
While data breaches are often associated with large corporations, these figures show that smaller organisations are increasingly being targeted.
Cybercriminals are no longer focusing solely on big business. They are turning their attention to smaller companies, knowing they often have fewer resources and weaker security in place.
The impact can be just as severe, ranging from financial losses and operational disruption to lasting reputational damage.
This shift highlights the urgent need for all businesses to take cybersecurity seriously.
That means ensuring employees are aware of risks, keeping systems up to date and using strong security solutions that can detect and block threats effectively.
What practical first steps should small businesses take to strengthen their cyber defences, especially if there is a limited dedicated budget?
For small businesses with limited resources, focusing on the basics can make a big difference.
Start with multi-factor authentication for all critical systems which adds an extra layer of protection against compromised passwords.
Ensure all software, including operating systems and plugins, is kept up to date to avoid exploitation of known vulnerabilities.
Invest in a reputable cybersecurity suite like Norton Small Business that offers real-time threat protection.
Most importantly, educate your team.
As our threat data shows, breaches are on the rise and often begin with a single click.
Training staff to recognise suspicious emails or links is vital.
These foundational steps are low-cost but high impact, creating a significant improvement in overall security posture.
How significant is the role of employee cybersecurity awareness in preventing attacks? What effective training or policies have you seen make a measurable difference?
Employee awareness is essential.
Many cyberattacks, especially phishing, succeed not because of technical vulnerabilities but human error.
Regular training on identifying malicious emails, suspicious links and social engineering tactics is key.
But the most effective programmes go beyond awareness, they embed security as part of everyday workflow.
For instance, regular simulated phishing campaigns followed by quick feedback loops help teams stay sharp and reinforce good habits.
Clear guidance on how and where to report a threat can also reduce response time and limit damage.
It’s about building a culture where every employee sees themselves as part of the defence.
As cyber threats evolve and become more sophisticated, how can small businesses keep pace with new attack methods — such as phishing and ransomware — without the resources of larger enterprises?
The good news is that small businesses don’t have to build a cybersecurity team from scratch to stay protected.
Today’s security tools, including solutions like Norton Small Business, integrate threat intelligence and automation to help counter evolving attack techniques.
They offer essential protections such as real-time scanning and behaviour-based detection, all designed to reduce manual workload.
The key for SMBs is straightforward, cloud-based protection that’s scalable and easy to deploy without dedicated IT staff.
Beyond tools, staying informed is critical.
Free resources, threat reports and cybersecurity newsletters can help business owners understand emerging risks and adjust their defences accordingly.
Explore the latest edition of Technology Magazine and be part of the conversation at our global conference series, Tech & AI LIVE.
Discover all our upcoming events and secure your tickets today.
Technology Magazine is a BizClik brand