Cybersecurity for SMEs in a Post-Covid era
In a post-Covid era, cyber-attacks have today become the fastest growing crime on a global scale with 50 percent of such attacks targeting Small and Medium Enterprises (SMEs) that do not have sufficient cybersecurity measures. This whitepaper, by dmg events, as part of the Egypt International Security Exhibition & Conference
, explores current trends, challenges and solutions for SMEs to avoid such attacks in a post-pandemic age. The whitepaper features many expert insights, including those of BSA Partner, Rima Mrad.
As the cyber space continues to evolve from the weaponisation of software to its commercialisation and, today, the industrialisation of malicious operations and software, nation states are increasingly seeing the value in investing in technology to protect their countries, societies and companies. From start-ups to long-term Small and Medium Enterprises (SMEs), security is rarely on the agenda early or often enough.
However, cybersecurity experts believe the rash of ransomware tearing through SMEs is changing that. What was formerly the privilege of only the largest enterprises is now the minimum bar for all companies. “The demand and the pressure for innovation is to bring that world-class maturity in security to all, without breaking the bank or disrupting services and innovation,” said Sam Curry, Chief Security Officer at Cybereason.
The Covid-19 pandemic has demonstrated the importance of the Internet and computers for SMEs to maintain and grow their business. It has led to the adoption of cloud services, upgrading internet services, and potentially enabling staff to work remotely or to work with freelancers through multiple platforms. Over the past 18 months, the health crisis has led to an increase in malicious emails, phishing attacks, scams and malware. Criminals are also targeting SMEs as they are aware that many now have staff working remotely without adequate cybersecurity defences in place. As SMEs process a large variety of personal information, namely if they possess an online marketplace, they must be aware of privacy laws and regulations when dealing with personal identifiable information (PII). As a result, cybersecurity has become a valid concern for such businesses. If PII is stolen or lost, SMEs could face serious legal and potential financial repercussions. “The majority of SMEs use some basic security controls, such as endpoint antivirus protection, backups, firewalls and perform systematic software updates,” said Dean Mikkelsen, Cybersecurity Consultant at UAE-based Hannibal Global Insight. “At the same time, fewer SMEs perform security awareness trainings of staff and utilise logging and alerting systems.”
Cybercriminals are taking advantage of the current unprecedented pandemic crisis to mount increasingly sophisticated, massive, and frequent cyber-attacks. As organisations move to remote working, the likelihood of cybersecurity incidents is increasing due to insecure technical infrastructure, insufficient data security practices, and a lack of cybersecurity awareness. Education, retail, healthcare, and financial sectors are today emerging as lucrative and soft targets of cybercriminals because their data and ICT infrastructure is vital for day-to-day operations.
In response to the pandemic, many SMEs have shifted to have adopted cloud-based tools and platforms to ensure effective collaboration among staff, seamless communication with customers, and supply chainresilience. “SMEs had to invest in their internet facilities and websites,” said Dr Ryad Soobhany, Assistant Professor, PG Project Director and Digital Forensics Course Leader at the School of Mathematical and Computer Sciences at Heriot-Watt University Dubai. “As with other industries, SMEs have struggled to keep up their cybersecurity tools and policies with the rate of digital infrastructure adoption. The lack of security measures has resulted in SMEs falling victim to an increased number of cyber-attacks.” Indeed, a sharp increase in the volume of phishing attacks and ransomware on SMEs has been recorded since the onset of the pandemic. Attackers are also using social engineering to bait staff into giving up sensitive information online.
Until the dust settles, the post-Covid era is expected to be characterised by financial and operational pressures, while being marked by heightened cyber threats. Organisations – irrespective of size, industry, and financial prowess – are today re-evaluating their cybersecurity and budget priorities. A sense of collective urgency and a move towards new models that feature perimeter security, increased automation, next-generation identity, access controls and integrated security have now emerged. But most importantly, experts spoke of the current culture of cyber resilience, wherein SMEs are bridging the gaps, CISOs are enhancing their awareness, and policymakers are echoing cybersecurity concerns in political hallways. Soon enough, these trends are forecast to translate to multiple market-driven developments and regulations.
Read and download the full whitepaper here:Cybersecurity for SMEs in a post Covid-era