SME cybersecurity: high risk

February 2019 Cyber Security, IT infrastructure

Small and medium-sized businesses are becoming more attractive targets for cyber criminals – both direct and also as a starting point for larger attacks across a supply chain. Unfortunately, these companies often lack the experts, systems and budgets to successfully withstand cyber-attacks. Meanwhile, today's business landscape means that any organisation can be potentially at risk, regardless of its size.

Many small and medium enterprises have already realised that they are exposed to the same dangers that affect large corporations. Unfortunately, such reflections often come after they have experience the attack.

According to the Cisco 2018 Security Capabilities Benchmark survey, more than half of all cyber-attacks (54%) have resulted in financial losses of over US$ 500 000.

Bearing in mind the scale of the threat, it is important for small and medium-sized companies to take appropriate steps to protect themselves and their clients and partners.

53% have experienced security breaches

The report ‘Small, but powerful’ by Cisco, concerning the cybersecurity of small and medium enterprises, presents information collected from 1815 representatives of the SME sector from 26 different countries. The study not only shows the landscape of threats to which ‘small and medium’ is exposed, but also presents tips on how they should defend themselves against attacks in the near future.

According to the report, 53% of respondents experienced a security breach in the last year. Often, these activities had a long-term negative financial impact: loss of income, customers, business development opportunities or additional repair costs

The most important data from the report

• 30% of companies in the SME sector stated that security incidents cost them less than $100 000, and 20% lost between $1 000 000 and $2 499 999.

• Small and medium-sized companies record about 5000 cybersecurity alerts per day.

• Companies from the SME sector analyse 55.6% of alerts related to cybersecurity.

• The most common types of attacks are those targeted at employees of companies, e.g. phishing (79%), advanced persistent threat attacks (77%), ransomware (77%), DDoS attacks (75%) and the spread of attacks using using the BYOD trend - Bring Your Own Device (74%).

Maximising the effectiveness of security measures

Increasingly, companies thoroughly analyse cybersecurity issues and invest in personnel and technologies that will allow them to face the growing scale of threats. In a situation where SMEs employ more specialists, they would most often invest in:

• Increasing the safety of endpoints by implementing more advanced anti-malware protection. This is the most common answer given by 19% of respondents.

• Improving the security of network applications - 18%.

• Implementation of anti-intrusion technologies as a key way to stop network attacks - 17%.

In comparison to organisations employing over 1000 people (i.e. those of enterprise class), companies from the SME sector rarely rely on solutions based on technologies such as machine learning or automation. Small and medium enterprises are looking for suppliers who integrate artificial intelligence and machine learning with existing solutions, instead of implementing new, additional projects. An example of a solution that enables this is Cisco Encrypted Traffic Analytics, which has implemented machine learning algorithms that detect malicious code in encrypted traffic without decrypting it.

Companies also take into account the solutions needed to maintain the current work environment, including constantly updating mobile devices connected to corporate networks and the growing importance of applications in the cloud. Adoption of the cloud has significantly increased in recent years: in 2014, 55% of companies in the SME sector maintained part of their network resources in the cloud; in 2017, this number increased to 70%. Companies scale resources and often take into account external security solutions, including those from managed security service providers.

Because small and medium-sized enterprises have problems recruiting experts responsible for cybersecurity, they need to maximise existing resources. Over half of these organisations entrust the preparation of a cybersecurity strategy to external companies. Often, they also outsource the development of responses to possible crises and security monitoring.

What is the recipe for SMEs?

Unfortunately, there is no miracle cure for cyber threats. Organisations can, however, take action to transform their company in terms of security awareness, which is made up of activities promoting network protection both at the employee and organisation level. They can also provide staff with knowledge that will allow them to recognise and avoid situations that may allow an attack to happen.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

The enemy within – insider ­security threats
May 2019, Wolfpack Information Risk , Editor's Choice, Cyber Security, Financial (Industry)
Insider threats in today’s financial world are insidious and destructive and your defence against insiders should start long before the person assumes his/her position.

Does your control room add value?
May 2019, Fidelity Security Group, G4S South Africa, Progroup , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Integrated Solutions, IT infrastructure, Commercial (Industry)
Whether on- or offsite, control rooms are a critical aspect of security today and care must be taken in the design and rollout of these nerve centres.

Huawei’s Platform + Ecosystem strategy for 2019
May 2019, Huawei Technologies South Africa , News, Integrated Solutions, IT infrastructure, Conferences & Events
The annual Huawei Eco Connect event took place at the Sandton Convention Centre in Johannesburg and saw more than a 1000 attendees and housed exhibition stands from an array of partners.

LoJax: Be very careful
May 2019 , Cyber Security
Even replacing drives won’t kill this malware, which is still active more than nine months after researchers from Arbor Networks detailed it.

Assessing impacts: The meteors of security and AI
May 2019 , Cyber Security
As security threats evolve and artificial intelligence pervades, what impact are they set to have on business over the next year?

Visibility is key, and lacking
May 2019 , Editor's Choice, Cyber Security
Cybercriminals are most likely to be caught on servers and networks, but detecting their time and point of entry remains a mystery.

The benefits of machine learning and UEBA
May 2019 , Cyber Security
Combining accurate and essential user behavioural data with machine learning allows you to more accurately monitor your users on an endpoint-by-endpoint basis.

Insiders: who are they?
May 2019 , Security Services & Risk Management, Cyber Security
The 2018 Insider Threat Report by Cybersecurity Insiders reports that more than 51% of companies are concerned about unintentional insider attacks.

Securing the Industrial Internet of Things
May 2019, Axiz , Cyber Security, IT infrastructure, Industrial (Industry)
The very benefits that makes the IIoT so compelling, makes it equally capable of damaging infrastructure operations and processes through bad actors.

Hybrid cloud and hyper-converged data protection
May 2019 , IT infrastructure, Cyber Security
Arcserve Unified Data Protection extends disaster recovery and backup technologies to prevent downtime and data loss for hyper-converged and SaaS-based workloads.