We’re focused on…
How small businesses are suffering in the fight against cyber threats – and what the cybersecurity sector can do to help.
Why?
Because ransomware group 8Base is targeting small businesses in its attacks. And small businesses are less likely to have the operational procedures in place to mitigate threats.
When we interviewed Abeer Khedr (National CISO at Bank of Egypt) for the BHMEA blog, we asked her about the key threats that concern her in 2024. She said:
“According to the World Economic Forum outlook report, inequity between cyber resilient organisations and smaller less resilient ones will continue to increase.”
“This is a cause of concern because the less resilient companies could be our suppliers, our customers; it’s one ecosystem. This should drive our efforts in 2024 to increase awareness and support these companies on how to apply security measures and develop incident response capabilities to increase their cyber resilience.”
Increasing the resilience of small businesses has knock-on benefits
Helping small businesses increase their cyber resilience isn’t just about being nice to small businesses. Often, those companies are supplying their products or services to larger organisations; and if they’re a weak link in the security of a supply chain, they expose all of their partners to the risk of data theft or breach.
Why does this inequity exist?
With limited financial resources and smaller IT budgets, small businesses struggle to establish robust security measures and continuous monitoring, and they’re unlikely to have dedicated security personnel.
On top of this, small businesses are far less likely to have the capacity to run security awareness programs than their larger counterparts. Theoretically, it’s much easier to create a strong culture of security among a smaller, more engaged team; but small businesses don’t have the resources to make that happen.
A lack of specialized cybersecurity knowledge and awareness training in-house means that it’s difficult to choose, implement, and maintain effective security controls. Small businesses might adopt a set-it-and-forget-it strategy with their cybersecurity tooling – and this means they quickly fall behind on emerging threats and software updates.
And then there’s the reality that for many small businesses, security just isn’t a priority. This isn’t their fault; they’re working at stretched capacity with a small team, and they’re focused on other things. This means that their security systems are often left unpatched for far longer than a large-scale business would allow.
How can the cybersecurity sector drive stronger security for small businesses?
We’ve got to look at this from every angle – and most importantly, we have to understand the challenges that small businesses face.
This takes empathy, and it takes time.
Cybersecurity sector professionals can play a role in increasing resilience among small businesses by:
Making security solutions that are affordable – and tailoring them to the needs of small businesses. This means cost-effective solutions such as bundled security packages that cover all bases, cloud-based security services, and user-friendly tools that don’t require in-house cybersecurity expertise.
Offering training and awareness programs specifically for small businesses. These could be online programs, in-person events, and/or consulting services that allow businesses to understand and improve their security posture.
Advocating for the needs of small businesses within the cybersecurity sector. A lot of B2B resources in cybersecurity are geared towards large-scale organisations. And small businesses need a voice in all of this.
The cybersecurity industry needs to lobby for policies and regulations that take into account the limited resources that small businesses are working with, and to promote the development of affordable, user-friendly security tooling specifically designed for small businesses.
P.S. - Mark your calendars for the return of Black Hat MEA in November 2024.