Cybersecurity is not just the IT team’s responsibility: ‘This mistaken belief will cost you dearly’, warns industry insider
Globally, SMEs have proven themselves to be easy and profitable targets for cybercriminals.
Alarming statistics seem to be commonplace these days, but a few released recently still hold enough power to pack a punch.
City A.M. spoke to David Steele, founder of SecuriCentrix, about the risks he sees companies take in their approach to cybersecurity, or lack thereof.
According to a recent report by Accenture, 43 per cent of cybersecurity crimes across the globe are aimed at SMEs.
“Often, we find that SMEs feel cybersecurity is something that the big global corporations need to worry about. There’s a false sense of security in being an SME.”
“But this mistaken belief that being a smaller business will protect you will cost you dearly,” said Steele.
There are multiple reasons for this, and the lax attitude could be one of the main ones. Globally, SMEs have proven themselves to be easy and profitable targets for cybercriminals.
The yields might not be as high as taking down a Fortune 500 company, but SMEs are easier to breach and take less time to attack.
Even before the pandemic, which has acted as a gold rush for cybercriminals, SMEs lacked trained resources to deal with cybersecurity, did not enforce minimum security controls such as firewalls, antivirus software and anti-phishing solutions, did not ensure operating systems and applications were fully patched, and misconfigured security solutions.
“The concept of cybersecurity has become mainstream, and SMEs are definitely aware of what it means,” said Steele.
“Admittedly, it can be an overwhelming topic when you have so many other things to focus on and do not have access to the resources a large Fortune 500 does.”
But that doesn’t take away from the size of the threat, or from the solutions that need to be put in place to mitigate as much risk as possible.
“As tempting as it might be to hand over the responsibility of keeping your organisation safe to your IT team, this is wrong,” he continued.
For the most part, companies, both large and small, adopt a defensive approach to cybersecurity. But there is another way.
“The strongest strategy by far to keep your business and your customers safe online is by being proactive when it comes to cybersecurity,” stressed Steele. “The way to do that is to appoint a chief information security officer.”
“Your IT team does have a role to play,” he added, “but they are just one part of a multidisciplinary team that will increase your company’s safety credentials and make it difficult for cybercriminals to attack. The CISO’s role is to oversee the IT team’s task by utilising a toolset, independent from day to day IT tasks.”
The CISO takes full control of the entire scope of cybersecurity controls that need to be put into place to keep a business secure.
With data breaches increasing month on month, CISOs for SMEs are focusing on cyber intelligence and data loss prevention.
“Cybercriminals move fast and no one can doubt their ability to innovate. CISOs need to stay up to date with security threats and incidents in real time,” he said.
“We know that the pandemic has utterly changed the business landscape,” said Steele. “This comes with positive opportunities too.”
“SMEs have the potential to operate at a bigger scale than ever before,” he concluded. “It’s one of the better outcomes of the pandemic, and your CISO will play a huge role here too in your business success.”