SOUTH AFRICA ’ S SMALL AND MEDIUM ENTERPRISES ( SMES ) HAVE EMBRACED CLOUD SERVICES TO TAKE ADVANTAGE OF SCALABLE SUBSCRIPTION SERVICES THAT ENABLE HYBRID WORKING MODELS , ALLOW THEM TO TURN IT FROM A CAPITAL COST INTO OPERATIONAL EXPENDITURE , AND ACHIEVE HIGHER LEVELS OF FLEXIBILITY . HOWEVER , DESPITE THE MANY BENEFITS OF CLOUD COMPUTING , IT ALSO BRINGS NEW COMPLEXITIES TO CYBERSECURITY .
THE PUBLIC CLOUD SERVICES AND APPLICATIONS SMES SOURCE FROM PROVIDERS LIKE MICROSOFT , AWS AND GOOGLE ARE HOSTED IN SECURE DATA CENTRES . BUT END-USER DEVICES USED TO ACCESS THESE SERVICES — SUCH AS PCS AND SMARTPHONES REMAIN VULNERABLE TO A RANGE OF THREATS — INCLUDING MALWARE , INSIDER DATA THEFT , RANSOMWARE AND ELABORATE SOCIAL ENGINEERING THREATS .
GLOBAL RESEARCH FROM SAGE FOUND THAT HALF OF SMBS HAVE EXPERIENCED A CYBER SECURITY INCIDENT IN THE PAST YEAR AND A QUARTER HAVE EXPERIENCED MORE THAN ONE . A SOPHOS STUDY MEANWHILE FOUND THAT SOUTH AFRICA HAD THE BIGGEST INCREASE IN RANSOMWARE ATTACK RATES , WITH 78 % OF ORGANISATIONS HIT IN THE 2023 SURVEY COMPARED TO 51 % IN 2022 .
THE RISKS OF CYBERATTACKS AND DATA BREACHES ARE SIGNIFICANT . SOPHOS FOUND THERE WAS A DIRECT REVENUE LOSS TO 82 % OF PRIVATE SECTOR ORGANISATIONS IN SOUTH AFRICA THAT EXPERIENCED RANSOMWARE ATTACKS . THERE ARE ALSO POSSIBLE REGULATORY REPERCUSSIONS , WITH REGULATIONS UNDER THE PROTECTION OF PERSONAL INFORMATION ACT PROVIDING FOR STRINGENT FINES AND PENALTIES FOR NON-COMPLIANT COMPANIES . THIS IS WITHOUT MENTIONING THE IMPACT ON CUSTOMER RELATIONSHIPS , POSSIBLE LEGAL LIABILITIES , AND THE BUSINESS COSTS OF LOSING BUSINESS-CRITICAL DATA .
WITH SMES ON CYBERCRIMINALS ’ RADAR , IT HAS BECOME MORE IMPORTANT THAN EVER TO FORTIFY THEIR DATA AND SYSTEMS . HERE ARE A FEW WAYS THAT YOUR SME CAN STRENGTHEN ITS CYBERSECURITY DEFENCES :
1 . CONSIDER MOVING TOWARDS A ZERO-TRUST MODEL
SMES CAN BENEFIT FROM EMBRACING A ZERO TRUST SECURITY MODEL , A FRAMEWORK THAT OPERATES ON THE PRINCIPLE OF " NEVER TRUST , ALWAYS VERIFY ". IN PRACTICE , THIS MEANS THAT YOUR BUSINESS WILL NOT AUTOMATICALLY TRUST ANY PERSON , DEVICE , OR SYSTEM INSIDE OR OUTSIDE YOUR NETWORK . EVERYONE AND EVERY DEVICE WILL NEED TO AUTHENTICATE BEFORE GAINING ACCESS TO DATA OR SYSTEMS . MANY CLOUD SERVICES SUCH AS MICROSOFT 365 BUSINESS SUPPORT ZERO TRUST PRINCIPLES — PROVIDED THEY ARE CONFIGURED CORRECTLY .
2 . REMEMBER YOUR DEVICES ARE YOUR WEAK POINT THE PHYSICAL THEFT OR LOSS OF A SMARTPHONE OR NOTEBOOK WITH PRIVILEGED ACCESS TO CLOUD SERVICES AND APPS IS ONE OF YOUR BIGGEST RISKS . IN THE SAGE RESEARCH , THE MOST MENTIONED CYBERSECURITY INCIDENT WAS STOLEN LAPTOPS ( 28 %). MAKE SURE YOUR END-USERS PROTECT THEIR DEVICES FROM UNAUTHORISED ACCESS WITH BIOMETRIC AUTHENTICATION ( FACIAL RECOGNITION OR FINGERPRINTS ) OR STRONG PASSWORDS . USE THE ‘ FIND MY PC / PHONE / TABLET ’ FEATURE TO IMPROVE THE CHANCES OF RECOVERING A LOST OR STOLEN DEVICE .