Cybercriminals have identified SMEs as potentially vulnerable because of new working practices, small IT teams and a lack of solutions knowledge. Rob Batters, Director of Managed and Technical Services, Northdoor plc provides SMEToday’s reading with some insight on this issue.
The threat from cybercriminals is increasing all the time in terms of regularity and sophistication. However, it is no longer just enterprise level or public sector organisations under attack, but SMEs too.
Without better protection, SMEs could face a barrage of attacks which has the potential to cause real damage to infrastructure, finances, and reputation.
UK SMEs suffering more cyber-attacks than ever before
Recent research has found that cyber criminals constantly attack UK SMEs. It found that half of all UK SMEs have suffered a cyber-attack in the last year. It also found that two-thirds of those who have suffered from an attack have been subjected to increased incidents.
This last stat is a particularly telling one. Once identified, SMEs with vulnerabilities will always be targeted by cybercriminals for further attacks. This increases the chances of breaches and real and telling damage to companies.
Indeed, 54 percent of SMEs have suffered financial loss due to a cyber-attack. When financial pressures in all areas of society are so acute, any additional strain for SMEs is potentially disastrous.
Why SMEs and why now?
Another stat from the research showed that the most common attacks on SMEs were ransomware and phishing. Both of these attacks tend to target employees, which points to some reasons why SMEs are seemingly being targeted more than ever.
Employees are often considered the weakest links within companies. This has been somewhat exacerbated by the pandemic and the changes in the way we work. With so many employees working outside of the office regularly, levels of protection and, in some cases, concentration are lower than usual.
This is certainly been recognised by cybercriminals who have upped their efforts and levels of sophistication to try and trick employees into giving them access to data and infrastructure.
Another reason for an increase in the attacks against SMEs is also linked to the pandemic. As lockdown was introduced across the UK, SMEs were forced to quickly implement new software and solutions that allowed businesses to continue working and for team members to work from home, as usual.
Much of this was implemented successfully, allowing companies to carry on without too much of a gap in service. This, in turn, overcame some of the doubts or concerns that business leaders had about technology and boosted new-found confidence in quickly implementing IT solutions.
This had positive effects, such as more companies migrating to the cloud. However, in some cases, this confidence has fallen over into overconfidence with companies implementing new technology quickly, without the necessary due diligence or knowledge about how it fits into current infrastructure and systems.
Some SMEs have taken this approach with their implementation of security solutions. Often this means that they have software that solves one particular problem or security worry. Implementing such solutions in isolation and without a proper understanding of where the vulnerabilities lie within their organisation means that they are still very much at risk.
With cybercriminals ready to take advantage of any weakness or vulnerability within SMEs, it is critical that the right solutions are in place and managed correctly. Indeed, with such a range of threats facing SMEs, one solution is often insufficient to ensure protection and adherence to regulations.
IT consultancies and managed services
Many SMEs are turning to IT consultancies that can offer and manage an ecosystem of best-of-breed security solutions.
This means that a multitude of threats can be monitored and countered before they have an impact on the business. Also, by turning to a managed service, SMEs can be confident that they are adhering to regulations, particularly those dealing with consumer data protection, such as GDPR.
Most SMEs will have small IT teams; bringing in expert support to deal with the threat of cybercrime not only helps to ensure security and adherence but also frees up an already overstretched internal team to focus on other key areas of the business.
Cybercriminals’ threats will only worsen over the coming weeks and months, and as we have explored, this threat is no longer restricted to the largest organisations. If they have not already, SMEs need to take the threat seriously and understand the consequences of not doing so. Working with an independent team of experts allows them access to experience, expertise, and the most appropriate solutions to counter the growing threat.
Rob will attend the Thames Valley Expo in Reading with Northdoor plc on the 19th October. He will give a presentation on ‘Cost-Effective Cyber-Security for the SME’. In it, he will discuss how SMEs can implement a cost-effective cybersecurity programme in the face of increasingly sophisticated and numerous cyberattacks, complex regulatory landscapes and ever-changing cyber trends.