Security company Symantec declared in a recent Wall Street Journal article that antivirus software – one of its main products – is "dead," implying it is practically useless at deterring cyber attacks. Why is an industry stalwart giving a postmortem for the product that made it famous?
The announcement was part of senior vice president Brian Dye's declaration that the company is shifting its focus to other products and areas of cyber security, including “cyber response teams.” According to Symantec, antivirus software is no longer effective and probably won't be a steady source of revenue for it or other security companies in the future.
In other words, cyber security is changing. Many of your clients (those who don't have a technical background) may still assume that their firewalls and antivirus software protect their companies sufficiently. This attitude reveals how far apart consumers and small businesses are from cyber experts, who see hacks as unavoidable.
How Is Cyber Security Changing?
Some security experts think that cyber security has become more like fire fighting. While people can work to prevent fires, it's a fire fighter's job to respond to and contain fires when they inevitably happen.
Cyber security, these experts argue, is beginning to work the same way. Symantec and other companies are creating "response teams" which help companies respond to data breaches when they happen.
Some cyber security firms are seeking more creative ways to limit damage. One firm, Juniper Networks, has even taken to putting fake user information on client computers in the hopes that hackers will target this rather than legitimate private data.
The growing consensus is that IT risk management is changing, and firms need to use a variety of strategies to combat data breaches. While IT consultants have never relied solely on antivirus software, it's becoming more and more apparent that data security depends on multiple levels of protection.
Antivirus: I'm Not Dead Yet
Despite what some experts say, others believe it might be too early to plan the funeral for antivirus software. Tech security blogger Brian Krebs details the history of data security programs and comes to an important conclusion: antivirus software can't protect against sophisticated threats, but it can stop run-of-the-mill malware. In doing so, it makes hackers work harder to disguise their software and limits the timeframe during which new malware is at its most dangerous.
Antivirus software isn't strong enough on its own to prevent data breaches. But it does prevent some "fires" from breaking out and spreading. And having fewer data breaches is the goal, after all.
What Does This Mean for Small Businesses?
These announcements could mean good news for your IT business. On the one hand, IT consultants can take advantage of a growing demand for data security response teams. In addition, because clients can't rely on simple antivirus software, they'll probably need more hands-on security consulting, which you can provide.
However, when the IT landscape changes, there's more risk. Clients are unfamiliar with new security options and will be slow to adjust. Because user error frequently causes data breaches, changing security protocol can lead to new cyber liabilities.
Given this uncertainty and increasing demand for hands-on IT security consulting and disaster response, small IT businesses likely need greater Technology Insurance.
An IT insurance policy like Errors and Omissions Insurance can cover your business if a client sues you for not preventing a data breach or failing to respond to it quickly enough. The nice thing about IT Insurance is that even as your work evolves with the changing IT landscape, your coverage protects you from lawsuits. E&O Insurance covers your professional liabilities. Whatever your work responsibilities are as an IT consultant – whether they include programming or project management – this coverage can protect your business.