In Europe two out of every three employees are employed by SME organisations.
However, when the topic of security and cybercrime is being discussed, you
would be forgiven for thinking that these businesses are in the minority, as
the media (and to a large extent the vendors) focus on larger and wealthier
enterprises.

It would be fair to say that for the majority of SMEs security issues do not
feature heavily in their day-to-day thinking. After all, they are focused on
running their revenue-generating operations, and why would they worry about
issues that seemingly only ever happen to the ‘big boys’? And even if they do
appreciate the risks, few have the time to keep abreast of the latest threat
landscape and ways to safeguard against them.

The problem, however, is that cybersecurity is very much an issue for SMEs and
the impact can be devastating. For one of those large organisations that hit
the headlines, an attack can inflict harm on their brand reputation if not
managed correctly and it can cost many millions of pounds to resolve, as well
as impacting the bottom line, but by and large they have the resources and
infrastructure to bounce back. For a vulnerable SME a basic ransomware attack
could spell the end of their business.

Of course, some of these attacks on high profile organisations are targeted,
and the owner of an SME may counter with the question ‘Why would a
cybercriminal be interested in me?’ To answer that question, take a moment to
think like a criminal. They specialise in finding weak links. Some will be
opportunistic and see an open door, or window, with a wallet left on the table
unguarded. Meanwhile, others will be far more calculated in their approach.
Your business may not be the ultimate target but you may present the ‘open
window’ through which they can get access to the organisation that is tempting
them with a big score! You are just collateral damage. What is more, that
organisation you are supplying certainly won’t thank you.

Going after the weak link in the supply chain isn’t new (you may recall the now
famous Lockheed Martin incident back in 2011). For this reason, supply chain
security has moved up the ICT agenda for large enterprises. So, for those SMEs
who can demonstrate that they will not be the weak link, it could well be the
point of difference that decides between winning a major contract and losing
out to a competitor.

Most SMEs do have a basic level of protection, but for many the only time it is
mentioned is when the annual renewal of the anti-virus software comes around.

In today’s world of multiple always-on, always-connected devices it is the
password that provides the first line of defence. Get hold of a password and
all too often the cybercriminal has the keys to the candy store – confidential
information, contracts and contacts, passwords and access to systems, and in
some instances that can include third parties!

The challenge for an SME, and especially those on the larger side of the
spectrum, is being able to manage passwords adequately. When someone creates a
password they do so because they think they will remember it, not because they
think it will be secure. Enforce more complex or so-called ‘strong’ passwords
and the cost of constant reset requests will go up. Worse still, so does the
likelihood that they will be written down on a Post-It note and stuck on the
side of a monitor (insider attacks can and do happen). Ask them to change their
passwords frequently and it will inevitably be a variation on the same theme,
so DavidSmith1! becomes DavidSmith2!

Large security-conscious organisations (and I stress that not all of them are)
invest in additional layers of security, such as key-ring tokens and even
biometrics, but they introduce complexity, are expensive, are resource
intensive to manage and are out of reach for most SMEs. What is more, many of
them will revert to password-based authentication if they fail! However,
thankfully there is a new breed of innovative and affordable software-based
solutions on the market that can give small and large organisations alike the
same calibre of first-line defence, replacing passwords without massive change,
closing what has until now been an easy door to walk through for the determined
cybercriminal.

If you would like to learn more about how to safeguard your supply chain,
visit: www.pingrid.com

Author: Steven Hope, CEO of Winfrasoft