In Europe two out of every three employees are employed by SME organisations. However, when the topic of security and cybercrime is being discussed you would be forgiven for thinking that these businesses are in the minority, as the media (and to a large extent the vendors) focus on larger and wealthier enterprises.
It would be fair to say that for the majority of SMEs security issues do not feature heavily in their day-to-day thinking. After all, they are focused on running their revenue generating operations and why would they worry about issues that seemingly only ever happen to the ‘big boys’? And even if they do appreciate the risks, few have the time to keep abreast of the latest threat landscape and ways to safeguard against them.
The problem is however that cybersecurity is very much an issue for SMEs and the impact can be devastating. For one of those large organisations that hit the headlines it can inflict harm on their brand reputation if not managed correctly and it can cost many millions of pounds to resolve, as well as impacting the bottom line, but by and large they have the resources and infrastructure to bounce back. For a vulnerable SME a basic ransomware attack could spell the end of their business.
Of course, some of these attacks on high profile organisations are targeted, and the owner of an SME may counter with the question ‘Why would a cybercriminal be interested in me?’ To answer that question take a moment to think like a criminal. They specialise in finding weak links. Some, will be opportunistic and see an open door, or window, with a wallet left on the table unguarded. Meanwhile, others will be far more calculated in their approach. Your business may not be the ultimate target but you may present the ‘open window’ through which they can get access to the organisation that is tempting them with a big score! You are just collateral damage. What is more, that organisation you are supplying certainly won’t thank you.
Going after the weak link in the supply chain isn’t new (you may recall the now famous Lockheed Martin incident back in 2011). For this reason supply chain security has moved up the ICT agenda for large enterprises. So, for those SMEs who can demonstrate that they will not be the weak link, it could well be the point of difference that determines winning a major contract and losing out to a competitor.
Most SMEs do have a basic level of protection, but for many the only time it is mentioned is when the annual renewal of the anti-virus software comes around.
In today’s world of multiple always on, always connected devices it is the password that provides the first line of defence. Get hold of a password and all too often the cybercriminal has the keys to the candy store – confidential information, contracts and contacts, passwords and access to systems, and in some instances that can include third parties!
The challenge for an SME and especially those on the larger side of the spectrum is being able to manage passwords adequately. When someone creates a password they do so because they think they will remember it, not because they think it will be secure. Enforce more complex or so called ‘strong’ passwords and the cost of constant reset requests will go up. Worse still so does the likelihood that they will be written down on a Post-It note and stuck on the side of a monitor (insider attacks can and do happen). Ask them to change their passwords frequently and it will inevitably be a variation on the same theme so DavidSmith1! becomes DavidSmith2!
Large security conscious organisations (and I stress that not all of them are) invest in additional layers of security, such as key-ring tokens and even biometrics, but they introduce complexity, are expensive, are resource intensive to manage and out of reach for most SMEs. What is more, many of them will revert back to password-based authentication if they fail! However, thankfully there is a new breed of innovative and affordable software-based solutions on the market that can give small and large organisations alike the same calibre of first-line defence, replacing passwords without massive change, closing what has until now been an easy door to walk through for the determined cybercriminal.
If you would like to learn more about how to safeguard your supply chain visit: www.pingrid.com
Author: Steven Hope, CEO of Winfrasoft