SMEs Wake Up – You ARE the low-hanging fruit for cybercriminals

August 2024 Information Security

According to an IBM report, on average, it takes nearly 287 days to detect and contain a data breach. A lot of damage can be done in such a long period of time. For one thing, your reputation can go down the drain, along with your dream of selling this great little business it has taken you 20 years or more to build. This is according to Ethan Searle, Business Development Director, LanDynamix.


Ethan Searle

Searle says many SMEs are under the illusion that their size makes them impervious to cybercriminals. “Too often, small business owners underestimate the knowledge, skills, and ability of cybercriminals to pick the low-hanging fruit – those are the businesses that are most likely to lack cybersecurity measures, with the excuse that it is too costly for a company of their size.

“Cybercriminals today are no longer single hackers, but entire collaborative networks on a global scale. It is delusional to think these organised hackers only target large corporations with vast resources. It is never a case of the bigger the organisation, the more attractive the hit will be because the yield will be bigger. In fact, the opposite is true; smaller organisations are more vulnerable due to lack of focus and investment in protection, making them prime targets for hacking, as they require minimum effort and resources,” says Searle.

He explains how a cyber breach can have far more sinister implications for small businesses than large enterprises with greater financial reserves and investment in recovery systems. “SMEs are characteristically founded by entrepreneurs with a vision to grow their business into a saleable entity; however, a cyber breach can do irreparable damage operationally, financially, and of course, reputationally. All these impacts can be devastating to the resale value of a business. SMEs need to ask themselves if they are willing to risk this outcome.”

Digital security awareness is vital

Searle says while modern technology has enabled access to business data from anywhere, at any time, it has also vastly expanded the attack surface and presented hackers with new points of entry.

“So, you have small business owners with a limited number of employees, but all of whom have been supplied with the necessary apps and tools that enable them to perform their duties to the highest standard and with speed and ease. However, many SMEs are unaware of what is called ‘Shadow IT’, which is when employees are using tools that are not officially sanctioned by the company. These are convenient access points for cybercriminals. In addition, the proliferation of smart devices broadens the opportunity landscape even further,” notes Searle.

Don’t overlook security patching

“Security patches are defined as software and operating system updates that aim to fix security vulnerabilities in a program or product. These updates literally ‘patch’ a hole in your defence, preventing a hacker or piece of malware from exploiting a way into your network. The Ponemon Institute has reported that nearly 60% of data breaches could have been prevented by better patch management. Updating your software — whether through a rapid alert or regular software updates — can help keep your information secure against evolving threats. Remember these software updates not only help your cybersecurity, but also your compliance, and a compliant business is a far more saleable entity.

“If you are clever enough to have taken on a managed service provider (MSP), security patches are often sent as push notifications from the MSP administering your operating system, email, and web applications. One of the major advantages for small businesses who take this approach is cost, often an outsourced team suits SME budgets better than managing a full internal team – that’s even if you can find the necessary skills to do it effectively. Patching is an important practice to protect your company against malware, ransomware, and hacking attempts. A good MSP will ensure relevant patches are applied to your devices as soon as possible, thereby greatly reducing the risk to your business. A skilled MSP will deliver not only best practices in cybersecurity, but advice on the right technology solutions that will grow and secure your business and turn it into a highly saleable entity.

“If you didn’t think your ability to sell your business is intrinsically linked to your technology deployments and security practices, think again,” Searle concludes.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Managed security solutions for organisations of all sizes
Information Security News & Events
Cyber attackers have become significantly more sophisticated and determined, targeting businesses of all sizes. PwC’s Global Digital Trust Insights Survey 2025 Africa and South Africa highlights the urgent need for organisations to implement robust cyber risk mitigation strategies.

Read more...
Data resilience at VeeamON
Technews Publishing SMART Security Solutions Infrastructure Information Security
SMART Security Solutions attended the VeeamON Tour in Johannesburg in August to learn more about data resilience and Veeam’s initiatives to enhance data protection, both on-site and in the cloud.

Read more...
Troye exposes the Entra ID backup blind spot
Information Security Infrastructure
If you trust Microsoft to protect your identity, think again. Many organisations naively believe that Microsoft’s shared responsibility model covers Microsoft Entra?ID – formerly Azure AD – but it does not.

Read more...
Secure data protection without hardware lock-in
Infrastructure Information Security News & Events
New Veeam Software Appliance empowers IT teams to achieve instant protection with Veeam’s fully preconfigured, software-only appliance, delivering enterprise-ready simplified deployment and operational efficiency, robust cyber resilience.

Read more...
Check Point launches open, vendor-neutral MDR services
Information Security News & Events Products & Solutions
New Check Point MDR 360° and MXDR 360° offerings deliver 24/7 managed continuous threat monitoring protection across endpoints, cloud and network environments with built-in identity threat detection and 160+ integrations across hybrid, multi-vendor environments.

Read more...
Credential theft surges in South Africa
NEC XON Information Security
NEC XON issues a critical cybersecurity warning about the dual threat of massive credential theft and AI-powered cyberattacks sweeping across the region, with an increasing number of incidents and evolving threat tactics.

Read more...
Want effective Attack Surface Management? Think like an attacker.
Information Security
Effective ASM requires companies to think like attackers, anticipate risks, and act decisively to reduce exposure by knowing their environment, deploying a structured approach, leveraging capable tools, and addressing both internal and external risks.

Read more...
The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
POPIA non-compliance puts municipalities at risk
Information Security Government and Parastatal (Industry)
Digital responsibility must go beyond POPIA compliance to recognising that privacy and service delivery are fundamentally linked. Despite this, only 51 out of 257 municipalities submitted their mandatory data protection and access to information reports in 2024.

Read more...
Choicejacking bypasses smartphone charging security
News & Events Information Security
Choicejacking is a new cyberthreat that bypasses smartphone charging security defences to confirm, without the victim’s input or consent, that the victim wishes to connect in data-transfer mode.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.