Today's attackers have a multitude of entry points for attacking companies, even SMEs and SMBs, which all too often still underestimate how important cybersecurity is for them.
Unfortunately, most SMEs mistakenly believe that their size protects them, which exposes them to a variety of cyber-risks.
What are the cyber challenges for SMEs and mid-sized companies (ETIs)? What are the best cybersecurity practices for SMEs?
We explain it all in detail in this article 👇🏻
Cybersecurity refers to all the methods used to protect data (belonging to organizations, employees, customers, suppliers, etc.) and information systems (IS).
In an increasingly digitalized world, the overwhelming majority of businesses are built around information systems (IS). These information systems are therefore central to companies of all sizes, as is their protection by appropriate methods and tools.
In recent years, digital transformation and rapid dematerialization, exacerbated by the advent of telecommuting, mobile working and hybrid working, have widened the attack surface for companies.
What's more, the diversity of devices used by today's employees (smartphones, tablets, laptops, etc.) means that the risk is increased tenfold.
💡 By 2023, cyber-attacks had increased by 38% worldwide, particularly affecting SMEs (source: Check Point Research report)
All this reinforces the need for good protection for organizations of all sizes (from SMEs to major international groups) and all types (private and public).
In addition, today's attackers have a multitude of entry points for attacking companies, even SMEs and SMIs, which all too often still underestimate how important cybersecurity is for them.
💡 Did you know? In recent years, phishing and ransomware have become the two main methods of attack against companies, and their consequences are no less significant:
- Phishing: the sending of realistic e-mails or SMS messages to employees, pretending to be a trusted company, in order to retrieve sensitive or even personal data (credit card number, business account password, etc.). This information can be used by the attacker, among other things, to access employees' corporate accounts (Microsoft, Google, etc.) and thus retrieve other sensitive data on the company, employees, customers, partners, etc.
- Ransomware: the theft of sensitive data, with the possible blocking of the system, in order to demand a ransom in exchange for unblocking the information system or for deleting or not disclosing the sensitive data.
Most SMBs mistakenly believe that their size protects them. SMEs think they're small enough not to need cybersecurity solutions or measures, and this leads to low cybersecurity budget allocation. The CISO (Chief Information Security Officer) therefore has a critical role to play in SMEs and SMBs.
In fact, the challenge for these companies is not so much to cover the risk as to raise the awareness of management. If the company's management is unaware of the risk involved, it will be more complicated for the CISO or CIO to obtain approval for the budget required to implement a cybersecurity tool. When the company's management is aware of the risk and knows the solutions to remedy it, cybersecurity projects can be validated and implemented.
💡 At bconnex, we offer to set up a proof of value (POV) on a restricted perimeter. This POV makes cyber risks visible. Feedback is provided at the end of the POV to present the results in a concrete and comprehensible way.
As SMEs often believe that they are small enough not to need defined cybersecurity solutions or practices, they are often equipped neither to detect cyber-risks nor to protect against them.
Proactive monitoring (via intrusion detection solutions, regular audits, etc.) is an essential part of an organization's cybersecurity. But SMEs often lack these tools, leaving them vulnerable to silent attacks that are only discovered after the damage has been done.
The user is on the front line of cyberattacks. Employees are a prime entry point for attackers, and indeed the overwhelming majority of cybersecurity incidents have a human cause, notably via phishing or configuration errors (source: Verizon Data Breach Investigations Report (DBIR) 2022).
And unfortunately, thinking they are protected by their size, SMEs often neglect to raise awareness among their employees.
💡 The majority of cyber attacks begin with a malicious link, a fake invoice, a malicious attachment... and an employee who falls into the trap.
However, only training and awareness-raising can ensure that phishing attempts, for example, do not succeed, and that employee and organizational data remain protected.
💡 The year 2022 saw the highest percentage of mobile phishing cases ever recorded: an average of over 30% of personal and corporate users exposed to these attacks each quarter (Source: Lookout, "Mobile Threat Landscape Report: 2023 in Review").
For more information on this subject, see our dedicated article:
https://betoobe.fr/articles/culture-cybersecurite-la-place-centrale-du-collaborateur/
With increasingly strict legislation (the GDPR in the European Union, for example), SMEs and mid-sized companies (ETIs) must comply with security standards or face penalties. Failure to comply with these standards can result in substantial fines in the event of a data leak.
Legal and regulatory non-compliance can also lead to loss of customer and partner confidence. Data breaches can damage a company's reputation, affecting customer loyalty and partner trust. This is one of the reasons why major corporations and governments are increasingly demanding cybersecurity guarantees before establishing partnerships.
Cybersecurity must therefore become a central issue for SMEs. But what are the best cybersecurity practices for SMEs?
bconnex helps you audit your current level of protection and set up an incident response plan.
bconnex is also the first Lookout partner in France to become an MSP, offering managed services for your mobile fleet.