Understanding Cyber Security and Its Impacts on Business

Small and Medium-size Enterprises (SMEs) are an important driver for innovation and growth in Singapore and ASEAN. SMEs also stand to gain the most from innovative technology because it is complicated and costly for them to set-up and run ICT in the traditional way. Taking into account cybersecurity, SMEs do not always understand all the risks and business consequences for the development of technologies without an adequate level of protection against cybercrime. Companies from the smallest startup to the largest organisation suffer from cyber attacks.

Cybersecurity is essential for organisations of all sizes. Organisations need to ensure they have taken all the necessary precautions to protect their data. However, not all companies are affected by malicious attacks in the same way. It is a fact that small- to medium-size enterprises (SMEs) face far greater threats, risks and challenges combating cyber attacks. Why and what are the main reasons SMEs fail to recover from a catastrophic cyber attack?  Is there anything they can do about it to have a stronger defensive strategy?

All these threats seem to have multiplied overnight. The devices that were once useful and entertaining seem to have spontaneously metamorphosed into menaces. In the early days, computers were behind closed doors and labs, but this has changed. Instead of being protected behind locked doors, computers large and small are exposed in ways that their inventors could not have imagined. Nearly every computer is attached to networks that can be accessed from anywhere on the planet by almost anyone.

This perception is a significant issue for small businesses because their lack of interest in cybersecurity makes them a desirable target for criminal hackers.

A rather large number of small businesses do not put enough money and resources into cybersecurity. Many do not monitor or implement strong enough cybersecurity defences that will adequately protect their data. The absence of such defences makes their data more susceptible to attacks. Although they may not feel that their information has much value to criminals, it very often does. Small businesses still hold personal, proprietary and financial information. Still, they do not have the security defences that many large organisations do, which makes them an easy and attractive target.

In the event an organisation has been hit by a ransomware attack, the criminals responsible will typically demand it pays a ransom to retrieve its data. It is very tough for small businesses to recover from ransomware attacks, so they are often more willing to pay the ransom than larger organisations would be. Again, this makes them an attractive target for many criminals. Even in paying out the ransoms, there is no guarantee that the data would be recovered quickly or securely. That is why prevention is always better than cure.

The most common ways SMEs are hacked are by phishing (a form of Social Engineering attack), poor password management, and IT devices/equipment vulnerabilities.

Phishing campaigns are fake emails that impersonate someone you may trust: an online provider, bank, popular website or sometimes a colleague. These emails try to trick you into giving away sensitive information.

Passwords are crucial for ensuring the security of your data. If a password is easy to guess or used for multiple platforms, it becomes less secure and easier to hack. Passwords should be unique, preferably long and complex, and should never be shared.

IT vulnerabilities result from a network not having the right security measures in place to protect data. These vulnerabilities can lead to malware attacking an organisation’s data.

There are many simple ways an SME can protect itself from a cyber attack. Implementing a firewall is one of the first things an organisation should do, as this will put up a barrier between your data and the hacker, restricting their access.

It is imperative to educate your employees to adopt proper cybersecurity procedures. They should complete staff awareness training to identify a phishing email and follow basic security measures such as regularly changing passwords and adhering to security policies. Installing security software is vital to keep your data secure. After training your staff, there is still the chance that they may again fall victim to a phishing email. Installing anti-malware software will help protect your organisation from malware that may be contained in these types of email.

SMEs do have inherent advantages over larger companies. As an example, their agility enables them to be flexible and adjust to changes quickly. They lack the red tape and complexities larger organisations have to overcome to get things done fast. In reality, an SME needs to seek solutions matching their size and needs, and not necessarily the same solutions used by a big organisation. A Fortune 100 company chooses to work with a complicated and expensive vendor does not mean it is the best fit for an SME. It might just be the best for them but may not be a good fit at all for a smaller operation. 

Smaller companies with leaner and smaller IT teams can use and consider autonomous systems to help them detect and mitigate security threats. The idea of a full protection solution does not belong only to top-tier companies. It can be introduced and adopted by SMEs if they are open to the new wave of cybersecurity solutions emerging, just about the right time.

The threats are such today that no organisation can claim to be 100% protected. However, if you put a few of the following controls in place, your organisation becomes less appealing to hackers as most of them are looking for the quickest and easiest ROI. One of the starting points then is to obtain a high-level evaluation of your organisation’s cybersecurity posture and a documented summary of recommendations for improvements with the Cybersecurity assessment and audit.