An 8% increase in malware or unwanted software found by more than 30,000 users. A 5% increase in infections and 88% of companies within the Middle East, Turkey and Africa (META) regions experienced a minimum of one cyber-incident since 2022. In 2023, the global attack volumes rose by 38%, 43% of companies experience a cyber-attack every year. And the most startling fact of all? These are not the statistics associated with large enterprises – this is the threat landscape for the small to medium enterprise (SME).
Currently SMEs are among the most targeted organisations alongside charities, healthcare organisations and the financial sector. It is the small business that most often falls victim to unexpected vulnerabilities, threat actors and employee errors, and the cost to their businesses and reputations can be significant. In fact, a recent study found that there are ‘far reaching implications for SME’s operational and financial stability’ in the wake of a cybersecurity event.
Microsoft research found that ransomware attacks are becoming more and more sophisticated, and have more than doubled since 2023. The average cost of recovering from a data breach can be as high as R70 million, an expense that would cripple most SMEs.
The SME has become a target.
They also don’t have the budget to invest in the high-end security available to the enterprise. They can’t build an on-premises Security Operations Centre (SOC) with a dedicated Chief Information Security Officer (CISO) and a team of security experts on site. This is complicated by the perception that small companies aren’t of interest to hackers and cyber-criminals – they’re too small, they don’t have the rich pickings of a larger organisation. And all this adds up to SMEs becoming the low-hanging fruit for cybercrime. They’re easier to access, their employees aren’t being given the right levels of training, and they don’t have the architecture required to identify and repel threats at speed.
In fact, according to Verizon’s 2023 Data Breach Investigations Report, around 61% of all data breaches involve small businesses.
Unfortunately, the threats are also becoming more complex.
Artificial intelligence (AI) is making ransomware, malware and phishing attacks smarter and more difficult to detect. Phishing emails, for example, are well written and extremely convincing, playing on the emotions of fear and reward to persuade employees to make that fateful click.
The need for SMEs to prioritise security has never been more important. Fortunately, security solutions have evolved alongside the threats and now provide access to tools, services and solutions that meet both their protection and budgetary needs. Cutting-edge digital security, AI and cloud-based solutions are affordable and accessible.
Yes, SMEs, it is entirely possible to access a range of features designed to protect the organisation to an extremely high level without needing a CISO, security team or SOC. Microsoft, for example, provides SMEs with tools that benefit from their ongoing research and development (R&D) and security best practices. The company has invested in security solutions that fit smoothly within the Microsoft ecosystem and deliver ongoing threat detection and mitigation capabilities.
Recently, Efficient Group, a leading financial services provider, built its security foundation on Azure to gain more control over its security capabilities. The goal was to benefit from the cloud-based security features inherent within the Azure platform while gaining more control over analytics, threat detection and overall visibility into the business.
Azure Arc and Microsoft Sentinel focus on different aspects of cloud and infrastructure management and security, with Azure Arc prioritising the management and governing of resources across diverse environments and Microsoft Sentinel centring around security analytics and threat detection. Both are complementary solutions for organisations leveraging hybrid and multi-cloud strategies.
SMEs can also get all the security and benefits from managed security services now. These aren’t just for the enterprise anymore – SMEs can benefit from fully-funded security assessments, recommendations, and support that sit within their budgets. There’s no need for a SOC or CISO, only a trusted provider that brings expertise, insight and tech into the business in the right way, at the right price.
The SME doesn’t have to withstand the security onslaught alone. Technology and support are cost-effective and accessible. What it does have to do, however, is realise that the threats are coming – straight in the small business back door.