When discussing enterprise cybersecurity, business owners are often flooded by technical assessments of how vulnerable they are to attack, and their increased risks in today’s digital marketspace. If the recent slew of ransomware attacks has taught us anything, it is that no company is immune or totally protected from cyber attacks. Mainstream stories about cyber attacks often focus on incidents suffered by large corporations, such as the Equifax hack earlier this year, because of its high-profile nature and impact on regional economics. However, incidents involving Smaller and Medium-Sized Enterprises (SMEs) don’t necessarily receive the same degree of coverage. So, why is cybersecurity important to SMEs?
The uncomfortable answer here is because they are often easy targets for cyber criminals.
Today, more SMEs join the digital revolution by bringing their business operations online via cloud services or other solutions built upon the Internet-of-Things. If you are the owner of an SME and are looking for tools to help with financial management or assist in logistical planning, there is probably already an app for that. With more attractive solutions make life easier for SMEs, competition naturally gets fiercer. Therefore, most businesses regardless of size, are often preoccupied with how they can maximize sales, enhance operational efficiency or expand into new markets; and potentially decreasing the amount of attention towards ensuring their online security.
Understanding the Threat
Cyber criminals bank on this very notion of a reduced security focus amongst SMEs to gain access to the treasure trove of sensitive data (i.e. Financial Details and Client Information) held by a target with much less stringent security countermeasures than larger enterprises. Possessing a wide range of tactics and arsenal at their disposal, they can: con their targets through social engineering, where they pretend to be an interested client or employee; or directly target weaknesses on websites to gain access, infect the network and later ransom your digital assets — otherwise known as ransomware.
Despite the slew of fancy terminology littered throughout cybersecurity discussions, at its core, it’s underlying intentions are no different from that of your conventional burglar. Aside from the obvious technical differences, the classification of threats faced by SMEs today are no different from those experienced by our folks back in the old days. Who locked away ledger-books or rolodexes in safes, and made sure all access points to their shop were secure or even monitored by surveillance systems. Within the context of cyber crimes, the crimes themselves haven’t changed but have — like SMEs — adapted to the times and gone digital.
Understanding the Ramifications
Ramifications of suffering a cyber attack can vary depending on the SME’s geographical location, but essentially falls into the same categories. First is financial loss. Either directly from the security breach itself or from follow-on effects after suffering the attack, the financial losses incurred from a cyber attack can be severe and hard to recover from. In some cases, such incidents are not necessarily covered under their insurance plans. Second is reputational loss. Regardless of size, all victimized enterprises will suffer irreversible reputational damage which can severely hinder a company’s survivability and capabilities to win future contracts. Third is legal repercussions. Depending on where the breach occurred, SMEs could be privy to different legal ramifications that exacerbates already existent financial and reputational losses. Whilst larger enterprises may possess the equity to survive these ramifications after a cyber-attack, the same cannot be said of SMEs, given their relative size.
Within the larger contexts, a compromised SMEs can have significant ramifications on the national economy and security. In countries — like Singapore — where SMEs are actively considered to partner alongside Fortune 500 companies or government agencies, their inherently weaker state of security can also be exploited as part of a larger campaign targeting more secure networks.
So, what now?
Luckily for SMEs, there are a slew of security products and services that can help protect them from digital harm. These can range from: i) anti-malware products SMEs can easily purchase and install onto their business networks that work passively behind-the-scenes; ii) compliance with certifiable industry best practices, such as the Cyber Essentials program in the United Kingdom, to ensure they are implement cybersecurity best practices; or iii) contract out their network security to specialist firms providing active and adaptive security countermeasures.
As more cities continue expand and develop alongside the digital revolution, cybersecurity is increasingly important for everyone and not just businesses. Criminals have already picked up on this and updated their tactics, so SMEs must do the same. At the end of the day, all businesses are still communities of individuals working together to achieve a dream and the security of that dream is shared by all.