SMEs Wake Up – You ARE the low-hanging fruit for cybercriminals

August 2024 Information Security

According to an IBM report, on average, it takes nearly 287 days to detect and contain a data breach. A lot of damage can be done in such a long period of time. For one thing, your reputation can go down the drain, along with your dream of selling this great little business it has taken you 20 years or more to build. This is according to Ethan Searle, Business Development Director, LanDynamix.


Ethan Searle

Searle says many SMEs are under the illusion that their size makes them impervious to cybercriminals. “Too often, small business owners underestimate the knowledge, skills, and ability of cybercriminals to pick the low-hanging fruit – those are the businesses that are most likely to lack cybersecurity measures, with the excuse that it is too costly for a company of their size.

“Cybercriminals today are no longer single hackers, but entire collaborative networks on a global scale. It is delusional to think these organised hackers only target large corporations with vast resources. It is never a case of the bigger the organisation, the more attractive the hit will be because the yield will be bigger. In fact, the opposite is true; smaller organisations are more vulnerable due to lack of focus and investment in protection, making them prime targets for hacking, as they require minimum effort and resources,” says Searle.

He explains how a cyber breach can have far more sinister implications for small businesses than large enterprises with greater financial reserves and investment in recovery systems. “SMEs are characteristically founded by entrepreneurs with a vision to grow their business into a saleable entity; however, a cyber breach can do irreparable damage operationally, financially, and of course, reputationally. All these impacts can be devastating to the resale value of a business. SMEs need to ask themselves if they are willing to risk this outcome.”

Digital security awareness is vital

Searle says while modern technology has enabled access to business data from anywhere, at any time, it has also vastly expanded the attack surface and presented hackers with new points of entry.

“So, you have small business owners with a limited number of employees, but all of whom have been supplied with the necessary apps and tools that enable them to perform their duties to the highest standard and with speed and ease. However, many SMEs are unaware of what is called ‘Shadow IT’, which is when employees are using tools that are not officially sanctioned by the company. These are convenient access points for cybercriminals. In addition, the proliferation of smart devices broadens the opportunity landscape even further,” notes Searle.

Don’t overlook security patching

“Security patches are defined as software and operating system updates that aim to fix security vulnerabilities in a program or product. These updates literally ‘patch’ a hole in your defence, preventing a hacker or piece of malware from exploiting a way into your network. The Ponemon Institute has reported that nearly 60% of data breaches could have been prevented by better patch management. Updating your software — whether through a rapid alert or regular software updates — can help keep your information secure against evolving threats. Remember these software updates not only help your cybersecurity, but also your compliance, and a compliant business is a far more saleable entity.

“If you are clever enough to have taken on a managed service provider (MSP), security patches are often sent as push notifications from the MSP administering your operating system, email, and web applications. One of the major advantages for small businesses who take this approach is cost, often an outsourced team suits SME budgets better than managing a full internal team – that’s even if you can find the necessary skills to do it effectively. Patching is an important practice to protect your company against malware, ransomware, and hacking attempts. A good MSP will ensure relevant patches are applied to your devices as soon as possible, thereby greatly reducing the risk to your business. A skilled MSP will deliver not only best practices in cybersecurity, but advice on the right technology solutions that will grow and secure your business and turn it into a highly saleable entity.

“If you didn’t think your ability to sell your business is intrinsically linked to your technology deployments and security practices, think again,” Searle concludes.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
From QR code to compromise
Information Security News & Events
A new attack vector involves threat actors using fraudulent QR codes emailed in PDF attachments to bypass companies' phishing security measures by requiring users to scan the code with their mobile phones.

Read more...
Organisations fear AI-driven cyberattacks, but lack key defences
Kaspersky Information Security News & Events Training & Education
A recent Kaspersky study reveals that businesses are increasingly worried about the growing use of artificial intelligence in cyberattacks, with 56% of surveyed companies in South Africa reporting a rise in cyber incidents over the past year.

Read more...
Vodacom Business unveils new cybersecurity report
Information Security IoT & Automation
Cybersecurity as an Imperative for Growth offers insights into the state of cybersecurity in South Africa, the importance of security frameworks in digital resilience and the latest attack methods adopted by cyberattackers.

Read more...
Smart surveillance and cyber resilience
Axis Communications SA Surveillance Information Security Government and Parastatal (Industry) Facilities & Building Management
South Africa’s critical infrastructure sector has to step up its game regarding cybersecurity and the evolving risk landscape. The sector has become a prime target for cybercriminals on top of physical threat actors, and the consequences of an incident can be far-reaching.

Read more...
NIS2 compliance amplifies skills shortages and resource strain
Information Security Security Services & Risk Management
A new Censuswide survey, commissioned by Veeam Software reveals the significant impact on businesses as they adapt to this key cybersecurity directive, with 95% of EMEA businesses siphoning other budgets to try and meet compliance deadline.

Read more...
Know who’s spying on you
Kaspersky Information Security Products & Solutions
According to the latest State of Stalkerware report, 40% of the people surveyed worldwide stated they have experienced stalking or suspect they are being spied on. A solution for Android is now available.

Read more...
Cybersecurity needs 4,7 million professionals
Information Security
Despite all the efforts organisations worldwide put into preventing cyberattacks, global cybercrime has snowballed to $9,2 trillion in 2024 and is expected to grow by another 70% to $15,6 trillion by the end of a decade.

Read more...
Autonomous healing systems are the future
Infrastructure Information Security AI & Data Analytics
Autonomous healing software, an emerging technology, is gaining traction for its potential to transform how organisations manage software maintenance, security, and system performance.

Read more...
Understanding South Africa’s Cybercrimes Act
Information Security Security Services & Risk Management
The Cybercrimes Act No.19 of 2020 is a comprehensive legislative response to the evolving landscape of cyberthreats in South Africa. Its effectiveness, however, relies on enforcement, which relies on implementation, international cooperation, and collaboration between the public and private sectors.

Read more...