CYBER SECURITY
Why Small Businesses
Must Go Big On Cyber
Security
By Denis Mbau
O
ver
the
years,
businesses
have been urged to embrace
technology to be able to tap
into more opportunities and enhance
sustainability and reduce costs. Moreover,
with technology convergence, SMEs
are reaping big with them being able to
offer more flexible working arrangements
to their employees while improving
collaboration of activities towards certain
objectives.
They are able to work across multiple
technology devices, from office desktops
to personal laptops to tablets and even on
their mobile phones.
hacks happen among SMEs who in most
instances tend to be both overconfident
and underprepared when it comes to
cyber awareness.
This coupled with the fact that SMEs
contribute to about 45% of the GDP
and comprise of over 99% of the total
businesses in Kenya, and are responsible
for somewhere between 50 to 70% of the
jobs make them easy, low-risk targets of
cyber-attacks.
For most SMEs, the
hardware is enough
However, most of these devices are
usually unsecured, leaving sensitive
digital information and company secrets
open to a higher risk of data leaks, data
loss, malicious applications and viruses. Many SMEs tend to focus on the status
of their hardware systems over their
cyber-security issues. This may be because
of their budgetary constraints and setting
up a secure cyber defence is not a priority.
It is estimated that Kenya lost
approximately Sh21.2 billion to cyber-
security in 2017, second only to Nigeria
which lost Sh65.5 billion according to
a Cyber Security report by Serianu. The
report shows that over Sh18 billion was
withdrawn from victim accounts from
banks. Additionally, most SMEs do not
think that their data is important and
wonder why hackers would even be
interested. Therefore, most SME’s do
not have comprehensive risk and asset
management solutions, which leaves them
greatly exposed to manageable risks. They,
therefore, stand a very slim chance of
recovering their business and reputation
in case of an attack.
Studies show that most of the cyber
Most hackers work on the notion that small
businesses do not regard their information
important and hence do not invest seriously
on cyber-security measures. This is mostly
true.
84 MAL31/19 ISSUE
Speaking during a recent cyber Security
awareness event by Invest In Africa-Kenya,
Patricia Jepkoech, Safaricom Manager,
Cyber Security Incident Response and
Management highlighted that, ‘many
SMEs think that their information is not
that important and hence no hacker would
be interested. However, in an era where
customer data is a new form of business
currency, a business can be brought to its
knees due to information leakage’.
Sensitive information such as customers’
bank details or staff log-ins is desirable
to criminals. SMEs, therefore, need
to understand what data needs to be
protected and how to protect it.
Compliance requirements
may push SMEs to embrace
cyber-security measures
According to a recent report by KPMG,
big organizations now perceive cyber-
security as one of the key concerns to their
operations and are investing heavily in
cyber-security response strategies.
“The proportion of East African CEOs
who recognize that a strong cyber strategy
is critical to building trust with key
stakeholders has risen significantly from
28 per cent in 2018 to 72 per in 2019,”
says the report which was released in May
2019.
SMEs who are the key suppliers to big
organizations are now finding themselves
between a rock and a hard place as far as
cyber-security is concerned. Many large