Managing an SME in the age of cybercrime

  • There are 25 million SMEs active in the EU, employing more than 100 million workers.

  • Switzerland has, according to the latest available official data (08.2020), 591 016 SMEs, employing 3 039 326 workers.

It seems not a week goes by without the news reporting a data leak, a service interruption or a new vulnerability. This affects us all, whether we are protecting our businesses or our private data.

Cybersecurity risks are nothing new, but the vulnerabilities created by the adoption of new technologies have exponentially increased the risk of incidents. The rate at which these technologies are being adopted and implemented, however, has yet to be matched by the attention it receives from management teams in many organizations. The upsurge of attacks in the last few months of the pandemic has highlighted the financial motives of criminal organizations behind these attacks. They are no longer the result of chance, like a virus that you catch, but the consequence of a targeted attack.

Here are four of the best practices to minimize your organization’s exposure:

1. The order of priorities must be properly established.

If you are running a business today, your priorities are getting through the crisis, growing or at least maintaining your revenues, and potentially adapting to new market conditions.

Many organizations are choosing cloud solutions to gain the flexibility required for growth and to potentially reduce operational costs.

The cloud is undoubtedly a good option, but new technologies come with new risks. Complex systems require specific skillsets and often require new security tools.

Analyzing, understanding and prioritizing security is no easy task, yet remains fundamental. Too much focus on growth or technical improvement to meet a business need without assessing cyber risks can prove critical for businesses.

2. The risks of remote work have now been well identified. It is better to act than to be forced to react.

Organizations have been thrust, practically overnight, into a world where working remotely is the norm for many. While it may be tempting to think of this as a byproduct of the pandemic, we need to be honest with ourselves: it isn’t going away anytime soon.

Although remote work peaked in 2020, when an average of 59% of employees worked remotely, it is still estimated that 42% of employees work remotely today. This number is only expected to drop to 34% within the next year. Remote work is not a trend that will just fade away, but rather one that is likely to carry on in the long term.

The majority of SMEs do not seem ready to adequately address the cybersecurity challenges posed by remote work.

Only 35% of decision makers feel their organization is very well protected against breaches to remote devices and/or employees, further proving that organizations are still not taking the necessary steps to protect their data.

23% of all decision makers are confident that their current cybersecurity solutions would protect them sufficiently in the event of an attack.

We are aware of the risk but lack understanding and confidence in the solutions that protect us.

3. Communication between IT decision makers and business decision makers must improve.

Nothing new here. Most businesses are familiar with this problem that I like to call ‘the black box’.

Enterprises often perceive IT as a chore that can’t be swept under the rug, and security as a hindrance to business operations. Everyone’s dream is for IT to be a fully functional black box that you never need to open.

But IT is not an exact science; it is complex and clearly essential. It’s difficult for a company to quantify the ROI for cybersecurity; you invest to protect what you have.

4. Lack of in-house cybersecurity talent needs to be addressed.

Being more agile, getting to the market quicker, having efficient tools: all these needs are linked to costs and risks.

New technologies bring new models, new processes and with them, new vulnerabilities. The direct consequence is an increase in the complexity of attacks.

To keep up with this, companies must continually hire and train staff. The more qualified a cybersecurity professional is, the less affordable their salary expectations will be for an SME. Many companies cannot afford a full-time CISO (Chief Information Security Officer).

One alternative is to hire a consultant who can offer the expertise to protect an organization from cyber threats.

Another option is to train IT security personnel, upskilling existing employees to be able to respond to all types of attacks.
