The Small, Medium-Sized Enterprise vs Cyberthreats
“Small and medium-scale enterprises created jobs and strengthened support industries in domestic economies. While foreign direct investment from developed countries and the transfer of technology could aid the small and medium-scale enterprises, the local support for such enterprises must also be strong. Governments should provide a favorable environment to support the development and growth of small and medium-scale enterprises,” UN General Assembly GA/EF/2777, 1997.
Contrary to popular belief, the Fortune 500 is not the segment of the business community that employs the largest number of private sector employees. The UN General Assembly already acknowledged the huge role of small and medium enterprises in the world in 1997, 21 years ago. That distinction has not only remained today, but has also expanded to the point that private sector employees working for Fortune 500 companies are only a minority.
Just like the Fortune 500 business sector, the SME sector also needs to meet a credible cyber defense requirement. However, due to funding limits, SMEs are more at risk of falling for online scams, phishing, malware attacks and social engineering. Cybercriminals want to earn a profit; malware and online scams exist for revenue generation purposes. Huge sums of money pour into the coffers of cybercriminals when an organization pays a ransomware demand, falls for a phishing scam or becomes a victim of cyber extortion.
With the growth of mobile devices, SMEs are also facing the double-edged sword known as the BYOD (Bring Your Own Device) phenomenon. This is when employees bring their personal internet-connected devices into the office for official business use instead of using company-supplied equipment. At first glance, BYOD can save the company millions, as employees willingly use their own personal devices to do some of their tasks and accomplish some of their goals for the day. However, the increased use of unregulated mobile devices is a huge risk for the company’s corporate network.
Because personal and corporate data are mixed on a BYOD device, one small problem can escalate into a huge dilemma. This is especially true if an employee stores confidential company files on the device and the device is lost in an unencrypted state, or the MicroSD card where the data was stored is stolen. From time to time, cybercriminals also poison the Google Play Store and Apple App Store by uploading trojan horse apps that invade users’ privacy and compromise security.
SMEs need to expand their perspective when dealing with the issues of cybersecurity and stakeholder privacy. If they don’t want their networks to be penetrated, then they should let their networks be voluntarily penetrated. This seems like a conflicting principle, but it can be accomplished by hiring skilled ethical hackers to perform an adequate level of penetration testing.
Penetration testing is a formal engagement in which a contracted ethical hacker attempts to penetrate the system. The tester evaluates the security systems in place, breaks systems as much as possible and detects inherent flaws in the cybersecurity strategy of the IT team. At first glance, ethical hacking/penetration testing is expensive; however, no company can afford to be in the headlines of tomorrow’s news reports as a victim of a cyber attack or malware infection.