Why SMEs need to worry about the threat of cyberattacks

As the world treads towards an increasingly digitised ecosystem, cyber threats and online fraud is not uncommon and no one is immune to them but SMEs may not be aware of the devastating consequences of a cyberattack, according to KYND.

new podcast from cyber risk management company KYND delves into why SMEs must prioritise cybersecurity as part of their business operation and how they can mitigate online threats. The discussion is led by KYND chief marketing officer Melanie Hayes with expert advice from KYND CEO Andy Thomas and Global Cyber Alliance executive director Andy Bates.

During the discussion, Thomas explained that while tech giants and large businesses have incorporated cyber risk management into their business strategy, SMEs do not regard cyber risk as a strategic component in their business model despite the fact that cyber risk is a real and growing phenomenon. Unfortunately, when a smaller business is hit by a cyberattack it doesn’t get anywhere near the same level of publicity as a large business gets. “But this doesn’t mean that they’re not happening. This can give smaller businesses a false sense of security,” he added. As a result, SMEs do not have the proper security measures in place.

In fact, according to the 2019 SMB cyber threat study, an alarming two-thirds of SME leaders believe that their company is too small to be targeted by cybercriminals, which is not the case. Another study by Verizon showed that 43% of cyber attacks were aimed at small to medium-sized businesses.

To add on, Bates opined that it’s easier to steal £10m by robbing £100 from 100,000 people than a big amount from a large organisation. “Think how quickly you can send out 200,000 or a million phishing emails. You only need a small percentage of those to click on that link or inadvertently pay that invoice and then there’s the £10m that the criminals were after.. [which] eventually does dry out your business to quit,” he said.

Furthermore, the Covid-19 pandemic has hardly been kind to SMEs which makes it even more essential to focus on cybersecurity. Bates stated that, “Whether you’re a small business, a pub, a chip shop or a manufacturer running a factory, there’s been a lot going on with furloughing staff and business bounce back, loans etc and that just takes the eye off the ball from the cyber conversation.”

Highlighting the various kinds of cyberattacks which SMBs need to be wary of, Thomas said, “One sort of attack on SMEs is called business email compromise that can have a material effect on the cash flow position of any organisation.” The other being reputational damage. Thomas added that, “Everybody probably will suffer some sort of cyber incident so people shouldn’t be shamed by the fact that they’ve fallen victim. Problem is the recovery process and beyond that, the impact that it has upon your customer-client relationships.”

So how can SMEs battle these attacks, flesh wounds or in some instances, fatal injuries triggered by laptop-wielding larcenists? Thomas believes that there’s no silver bullet to eradicate risk. “You can’t ever completely remove risk from your life or indeed from the operation of your business.” However, there are a few basic steps entrepreneurs can take to improve the risk resilience of their business.

According to Bates “the more you report cybercrime to the police and law enforcement, the more that people can help with this, particularly in a ransomware situation.” Bates urged companies to utilise GCA’s Domain-based Message Authentication, Reporting and Conformance (DMARC) feature which allows businesses to monitor and improve protection of their domain from fraudulent email.

Thomas added, “Making sure you have the right security measures in place against being phished or having no vulnerabilities within the software that you’re using are all basic good hygiene steps.

“Another critical component worth considering is cyber insurance. And that’s not just about having the payout in place when you do suffer a loss but the critical part of any cyber insurance policies are the services that you get within it and the access to the expertise that you would need to help reduce the impact and quickly recover from any incidents,” he continued.

Touching on the most key reason causing cyberattacks, Thomas said that people are always the weakest link. “[In a work-from-home situation] it’s far easier for an employee who would normally be vigilant to click on the wrong link or to fill out the wrong information within a form.

“There’s some great services and courses available to help people stay aware and stay on top of the risks that they presenting and also make their employees aware of the risks that they are faced with every day and I recommend people go out and look for that,” Thomas concluded.

Episode 008 of #TheKYNDPodcast: Do SMEs really need to worry about cyber risks? can be listened to here.

KYND’s previous podcast explored cybersecurity threat in the maritime industry. Click here to read about that episode.

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst

Investors

The following investor(s) were tagged in this article.