Globally, SMEs have proven themselves to be easy and profitable targets for cybercriminals. Irish firm SecuriCentrix is on a mission to change this.
Alarming statistics seem to be commonplace these days, but a few released recently still hold enough power to pack a punch.
A recent survey released by the managers of the .ie top level domain highlight how:
- Only 15% of Irish SMEs use a firewall or antivirus software
- Only 11% use multi-factor authentication, and
- Only 4% said they trained staff in cybersecurity best practice
“There’s a false sense of security in being an SME. But this mistaken belief that being a smaller business will protect you will cost you dearly”
These figures arrive in the wake of increased attention globally on the rise of cybersecurity threats. And in the wake of the country’s HSE being severely harmed by a ransomware attack in 2021.
It’s an understatement to say that these details are shocking.
Cybersecurity is not the IT team’s responsibility alone
For David Steele, founder of SecuriCentrix, these statistics point to the biggest risk he sees companies take in their approach to cybersecurity. Or lack of approach.
“Often, we find that SMEs feel cybersecurity is something that the big global corporations need to worry about. There’s a false sense of security in being an SME. But this mistaken belief that being a smaller business will protect you will cost you dearly,” says David.
Steele is the managing director of SecuriCentrix and a cyber security Analyst. Founded in 2010, SecuriCentrix has grown to become a global security and compliance service provider to organisations.
The firm has forged strong relationships with organisations across Africa, Australia, Europe, India, and the UK.
Steele’s warnings are backed up by data.
According to a report by Accenture, 43% of cybersecurity crimes across the globe are aimed at SMEs.
There are multiple reasons for this, and the lax attitude Irish SMEs show (this same attitude is reflected by SMEs across the world) could be one of the main ones.
Globally, SMEs have proven themselves to be easy and profitable targets for cybercriminals.
The yields might not be as high as taking down a Fortune 500 company, but SMEs are easier to breach and take less time to attack.
Even before the pandemic, which has acted as a gold rush for cybercriminals, SMEs were:
- Lacking trained resources to deal with cybersecurity.
- Not enforcing minimum security controls, such as firewalls, antivirus software and anti-phishing solutions.
- Not ensuring operating systems and applications are fully patched.
- Misconfiguring security solutions.
“The concept of cybersecurity has become mainstream, and SMEs are definitely aware of what it means,” explains David. “Admittedly, it can be an overwhelming topic when you have so many other things to focus on and do not have access to the resources a large Fortune 500 does.”
But that doesn’t take away the size of the threat. Or the solutions that need to be put in place to mitigate as much risk as possible.
“As tempting as it might be to hand over the responsibility of keeping your organisation safe to your IT team, this is wrong,” says David.
Cybersecurity needs a CISO
For the most part, companies, both large and small, adopt a defensive approach to cybersecurity.
But there is another way.
“The strongest strategy by far to keep your business and your customers safe online is by being proactive when it comes to cybersecurity,” explains David. “The way to do that is to appoint a CISO.”
A CISO is a chief information security officer.
“Your IT team does have a role to play,” says David, “but they are just one part of a multidisciplinary team that will increase your company’s safety credentials and make it difficult for cybercriminals to attack. The CISO’s role is to oversee the IT team’s task by utilising a toolset, independent from day to day IT tasks.
The CISO takes full control of the entire scope of cybersecurity controls that needs to be put into place to keep a business secure.
With data breaches increasing month on month, CISOs for SMEs are focusing on:
- Cyber intelligence and data loss prevention: Cybercriminals move fast and no one can doubt their ability to innovate. CISOs need to stay up to date with security threats and incidents in real time. By implementing a strong and powerful cybersecurity framework, CISOs will invest in understanding internal and external threats (e.g. from employees not following cybersecurity policies to new ransomware).
- Security information infrastructure: CISOs will constantly monitor the market for the strongest and most fit for purpose security and software to protect your business network(s). Your CISO will also make sure that configurations are set up to the highest safety standards and constantly updated.
- Forensics: If a data breach does occur, your CISO will work with internal and external stakeholders (from legal to clients) to implement measures to prevent the same from happening again.
Your CISO will help you reach your business goals
“We know that the pandemic has utterly changed the business landscape,” says David. “This comes with positive opportunities too.”
“SMEs have the potential to operate at a bigger scale than ever before,” explains David. “It’s one of the better outcomes of the pandemic, and your CISO will play a huge role here too in your business success.”
The role of the CISO is to keep security efforts front of mind throughout the entire business. A report by Cisco shares how “44% of executives see cybersecurity as a competitive advantage for their organisation.”
Your CISO can help you incorporate this competitive advantage into your business by:
- Setting up and enforcing bespoke cybersecurity standards, procedures and policies to your business to strengthen your information infrastructure.
- Consistently evaluate the threat landscape your business operates in.
- Invest in the right software and hardware to protect your business network(s) and customer data.
- Conceptualise and implement business-wide cybersecurity initiatives, including internal and external audits and cybersecurity risk management.
“SecuriCentrix was founded in 2010, before cybersecurity had become the mainstream term it is now,” says David. “Our goal has always been to offer SMEs the same cybersecurity protections that larger companies have access to.”
Now, in 2022, the Irish firm has clients in industries as diverse as financial services to retail in multiple countries across the world. “We have offices in Dublin, London and Cape Town and clients in Africa, Australia, Europe, India and the UK.”
“We are the CISO for the clients we work with, and we treat their cybersecurity as our own,” says David.
Alongside the .ie report on cybersecurity, one final statistic drives home just how key paying attention to cybersecurity is.
In the report, 75% of Irish consumers claim they feel “very” or “somewhat concerned” about their data security.
Businesses that don’t pay attention to cybersecurity will lose their customers, no matter how much they spend on marketing.
Main image: David Steele, managing director, SecuriConnex