Sector - Software & Technology

SMEs remain unprepared as cyber threats escalate

SMEs neglect cyber security, making them easy targets for a wide range of attacks, including phishing and ransomware. Hackers, some with basic technical skills, capitalize on these weaknesses.

Despite cybersecurity threats being on the rise, many small and medium enterprises (SMEs) still lack basic security measures. On top of that, hackers are shifting their focus from big businesses to smaller targets, creating even more dangers for smaller companies in the digital space. The main reason SMEs neglect to secure their digital perimeter is lack of understanding of cyber security threats and resources, expert says.

The real cost of a hack

Every day thousands of companies worldwide are targeted by hackers. According to a recent study published by IT company “Accenture”, 43 percent of them are aimed at small businesses. Other reports also suggest a trend amongst ransomware hacker groups, which are shifting focus from corporate targets to smaller — and less prepared —businesses.

According to Aurimas Bakas, CEO and founder of Cyber Upgrade, it is no secret that hackers target smaller businesses due to inadequate cybersecurity safeguards, as most SMEs underestimate the associated risks.

“Every CEO knows that they have to lock the door after they leave the office, but some of them still underestimate the importance of protecting the digital perimeter of the company,” he says. “A cyberattack can result in revenues lost to ransom payments, downtime, remediation, legal costs, fines, and audit fees. A business may have to pass these costs onto their customers, compromising their competitiveness.”

Another common reason for overlooking cybersecurity measures may be trusting false narratives, such as “we are too small to be hacked”, “we have nothing valuable”, and similar. “Every CEO should remember that hackers do not make exceptions for smaller enterprises; they deploy automated tools that can attack thousands of companies at the same time,” Bakas says.

Shocking statistics

While big businesses usually face attacks that require in-advance preparation, SMEs are susceptible to a range of common threats. These attacks rely less on advanced technological capabilities and more on exploiting human errors or weaknesses in foundational cybersecurity measures.

Bad actors often target SMEs by sending phishing emails and combining them with social engineering attacks, or using ransomware to infect them with malware through unpatched systems. Nowadays even hackers with minimal technical knowledge can buy tools to inflict ransomware. Bakas suggests that hackers often prioritize businesses that work with sensitive customer data or provide a service that could halt their client’s business, as these types of companies are more likely to pay a ransom.

„For example, if an accounting firm suffers from a ransomware attack, a service outage would disrupt the financial reporting processes for all customers for weeks, if not months. Such an attack would also be devastating for the company: statistics show that around 60% of small companies go out of business within six months of a cyberattack or a data breach,“ he comments.

Gamified approach to cyber security

One of the biggest obstacles SMEs face in protecting their digital perimeter is a shortage of dedicated cybersecurity resources. Most smaller companies can’t afford to hire experts who could implement necessary cyber security measures. However, automated solutions can significantly minimize the risks companies face in the digital space.

Bakas believes that with the right tools, every company can implement cyber security foundations to protect itself and avoid being used as a means to harm others, for instance, as part of a botnet.

“Most cybersecurity issues happen because of human-related factors. Therefore, spreading awareness among employees can generate significant results. That’s why we created a gamified bot that interacts with every employee and ensures that basic security measures are implemented. Thus 0,1% of cybersecurity is done daily,” he says.

The company uses its proprietary AI model that allows the inclusion of every team member in the cyber governance process, bridging the gap between theoretical security measures and practical operational security. AI systems are also deployed to oversee regular safety checks, look for vulnerabilities and complete other tasks.

According to Bakas, in the near future, AI-based automation tools will play an important role in keeping SMEs safe. However, for AI solutions to be effectively implemented, company owners and CEOs must first shift their attitude towards the protection of digital and physical assets. 

“In order to stay competitive in today’s world, protecting against online attacks must be the top priority. Cybersecurity is not a task or a project, it’s a daily routine akin to cleaning teeth or stretching. The only effective approach is a systematic one,“ he concludes.

If you would like to read more stories like this, then please click here