Article

Are MENA SMEs prepared for the latest cybersecurity risks?

It is imperative that SMEs are protected against external cyber threats by re-evaluating and strengthening their security controls. Article 1st published by ITP.net on 8 November 2021.

A large number of SMEs are investing significantly in protection against cyber risks however no security solution is 100% effective. The weakest link remains employee’s unwittingly falling foul of socially engineered attacks that lock up devices or pushes malware into the network, or those who maliciously steal data or introduce viruses.

Due to the rise in use of remote connections, driven by remote working, the probability of a cyber-attack on a company has increased. Furthermore, by the end of 2018, there were nearly 22 billion IoT devices in use around the globe and this is projected to increase by 73% in 2025 to 38 billion, and further increase by 127% in 2030 to 50 billion.

Keeping these projections in mind, it is imperative that SMEs are protected against external cyber threats by re-evaluating and strengthening their security controls.

Cyber risks facing SMEs today

We are currently witnessing a ransomware epidemic – an escalation in attacks which is leading to higher ransom payment demands and increased business downtime. During the coronavirus outbreak it evolved again. With workers rapidly redeployed to work remotely, security best practices and protocols were harder to enforce, leading criminal attackers to take advantage of the uncertainties and to launch a huge number of crisis-related attacks. Within one week in April 2020 alone, Google reported 18 million ransomware and phishing related emails per day.

Addressing cybersecurity challenges

While cybersecurity risks can be mitigated, managed, and recovered from, these cannot be eliminated completely. With attacks on the rise, it is important for businesses to consider cyber insurance to address some of these challenges.

It is pertinent that SMEs consider educating their employees on the negative impact cybersecurity breaches have on their businesses. Therefore, implementing a cybersecurity awareness program for all employees is key. Such a program should reflect the latest cyber trends, encouraging employees to identify phishing emails and report any malicious activity they may come across.

Furthermore, SMEs need to consider creating a Cyber Incident Breach Response Plan to be able to effectively respond and recover from cyber incidents, have well defined playbooks covering specific cyber scenarios (i.e. ransomware, phishing, data breach etc.) and conduct regular table top exercises to assess the resilience and crisis management response capabilities of their organisation.

Equipping SMEs with the right tools

The pace of technological advancement in the modern world has resulted in a dynamic cyber threat landscape. Cyber criminals are becoming more skilled and sophisticated when it comes to the nature of their attacks – they are constantly identifying new endpoints that are vulnerable.

Ransomware is evolving and becoming a more sophisticated method of attack. Prepare for when, not if (i.e. think like an attacker – adopt an “assume breach” mind set). Ultimately, all businesses, regardless of size must be prepared for a ransomware attack and have a contingency plan in place for when it does transpire.

A cyber insurance program can help SME’s mitigate, manage and recover from a cyber incident. Similarly, a cyber-policy can help by covering a SMEs liabilities and costs on media, data security, viruses and hacking for example.

Adoption of cloud services

Many SMEs are accelerating their adoption to cloud services that have the potential to offer significant cost, efficiency, resilience and potential security benefits (if implemented appropriately) over data storage and application hosting alternatives. However, it is key that these cloud services are required to be deliberately and strategically adopted and managed by the SME (i.e. considerations such as shared responsibility, security, regulatory requirements, third party risks, data protection requirements, etc.).

Due to the pandemic, there has been a fast-track roll out of collaboration tools (i.e. productivity tools, video conferencing tools) or emerging technology capabilities such as Chatbots, etc. for content delivery or customer service. However, the security aspect of these capabilities is often overlooked. It is important that SMEs assess the security capabilities and conduct an appropriate risk assessment of any new service they introduce to understand the cyber risks exposures associated with these capabilities.

Conclusion

Cyber risks have evolved and attacks are increasing in both volume and sophistication. While data breaches and privacy remain real concerns for some, today’s phishing, social engineering and ransomware attacks threaten to disrupt businesses, supply chains and industries for the many. SMEs should be aware of the significant financial and operational impacts this will have on their business.

1st published on itp.net on 8th November 2021

Related Articles