// EDITOR’S QUESTION?
GIUSEPPE BRIZIO, CISO EMEA, QUALYS
SMEs often have to walk a fine line between investments in technology solutions that are critical to the business (ERP solutions, CRM systems, financial tools, etc.) and those that can protect the organisation from cyberattacks. Often SMEs choose to prioritise the former, which is fine if it is just for a short period of time. But given that a cyberattack is a matter of when, rather than if, it’s definitely not worth remaining exposed for the long run as it can truly jeopardise the entire SME business with potentially unrecoverable financial consequences.
SMEs are often under the misconception that they aren’t high-value targets for hackers and, as such, immune to cyberattacks. But the truth is that they might become a relatively ‘easy’ entry point for a cyberattack aimed at compromising a larger company that the SME does business with. In today’s globalised and interconnected world, and particularly given that most of the large enterprises have sophisticated security defences, attackers have started looking at an organisation’s entire value chain in order to identify and attack its weakest link.
For SMEs looking to shore up their cybersecurity defences, it starts with addressing the human factor, which is the most exploited vulnerability that hackers take advantage of. This means training employees about security policy such as password management (i.e. use complex passwords, change passwords often, use unique passwords, etc.) and cybersecurity, educating them about how to recognise cyberattacks and avoid falling into cyber traps such as phishing and social engineering. This is not just a one-off session, but actually an ongoing training programme to make employees aware of newly arising cybersecurity risks and ensure discipline in protecting company data.
In today’s age of Digital Transformation, there is more exposure to IT security risks than ever before, but by the same token, there are also several affordable new technologies that SMEs can adopt to secure their IT environments and protect their data.
Cloud computing, for instance, through a reliable Cloud Service Provider (CSP), gives SMEs an opportunity to step up their IT and cybersecurity while maintaining financial flexibility and without having to burden in-house resources, compared with deploying and managing IT solutions in-house.
To safeguard user access, two-factor authentication provides a further level of security, usually requiring users to input a PIN code (or similar sent to the user’s registered smartphone) in addition to username and password to gain access. This limits the risk of an intruder gaining unauthorised access in case username and password are compromised.
Regular backup of company data is an essential last line of defence against the more frequent ransomware criminal acts which can, at best, disrupt and, at worst, destroy a company’s business.
Finally, the utilisation of scalable IT technologies for continuous security purposes – particularly ones that are able to provide visibility on the vulnerability surface and assess the risk exposure and security posture – is essential to prevent and effectively respond to cyberattacks in order to protect company data and IT assets.
Intelligent SME.tech