Did you know that if all Small Medium Enterprises (SMEs) were to close, GDP and world economies would collapse? SMEs are a fundamental part of the heart and economic engine of society, representing 90% of all businesses globally.
According to the World Bank and Statista, approximately 332.9 million businesses contribute up to 40% of national income (GDP) in emerging economies, playing a key role and adding value in every sector of the economy.
Check Point® Software Technologies Ltd. has shared in their last reports that SMEs are one of the most recurrent targets of cyberattacks. However, investment in cybersecurity continues to be placed on the back burner for many of these businesses.
According to Check Point Software’s SMB Report 2022 from a survey of over 1,000 small and medium sized businesses across the US, Germany, UK and Singapore, the survey found that only 22% of the SMEs felt that they were adequately prepared for a cyber attack, and only a minority have internal security specialists or are working with a third party. This means that a large number of SMEs either have no security products in place or these products are managed by non-specialist staff.
In Singapore, 66% of the SMEs surveyed in the above SMB Report did not mandate their remote employees to go through added security training measures. In today’s technology space where the majority have embraced remote working, and fast tracked the adoption of cloud, mobile, and SaaS technologies, this is especially worrying. After all, human errors and negligence are one the most common way hackers get into a company’s system.
While it seems counter-intuitive to spend more money on additional staff training and security measures in today’s recessionary climate, the increasingly high costs associated with the outcomes of a cyberattack can be devastating, and lead to the complete closure of an SME. The situation is even more pressing as an organisation in Singapore is being attacked 1,269 times per week on average in the last 6 months, according to the Check Point Intelligence Report.
In recent years, methods used in cyberattacks had evolved drastically, giving rise new exploits like double and triple extortion ransomware attacks, in which multiple layers of the supply chain gets affected. For example, after a company’s data gets compromised and held for ransom, the users or partners affected by the breach are contacted again and asked for more money.
Muhammad Yahya Patel, Lead Security Engineer at Check Point Software shares “Ransomware gangs were typically less organised than other groups up until a couple of years ago. Now they are becoming far more considered and steadfast in their approach, exploiting large-scale vulnerabilities and executing double and triple extortion to settle their demands.”
Check Point Software wants to ensure SMEs are aware of the current dangers on the network, as well as help them achieve digital resilience that allows them to continue to grow securely by offering them some tips such as:
- Regular backups: One of the main objectives of ransomware is to disable access to data. In this way, and sometimes with the added threat of deletion, cybercriminals seek ransom payments from their victims. Generating and storing automated backups of data allows companies to recover quickly from these cyberattacks, minimising the incidence of these attacks.
- Update devices on a recurring basis: There are many SMEs and users who do not immediately update when an update arrives or leave it for later, which is a terrible mistake. The purpose of applying patches and updates is to plug or fix any vulnerabilities present in the device or application. This is a critical component in the defence against ransomware attacks. Failure to do so allows cybercriminals to take advantage of the latest exploits discovered, targeting their attacks on systems that are still vulnerable.
- User authentication: Just as we do not share our passwords, it is equally crucial for companies to ensure that only the right people have the necessary access. A recurring type of cyberattack focuses on Remote Desktop Protocol (RDP) access with stolen user credentials. Using a two-factor user authentication adds an additional layer of defence to prevent attackers from making use of these compromised passwords or accounts.
- Reducing the attack surface: Given the high potential cost of a ransomware infection, the best strategy is to focus on a strategy of prevention, preventing attacks before they are deployed rather than the current traditional detection (which means the organisation is allowing the attack to take place and then rush to mitigate the attack).
- Deploy an anti-ransomware solution: Given its data encryption methodology, ransomware leaves a unique digital footprint when it executes on a system. Anti-ransomware solutions are designed to identify these traces and detect these attacks more efficiently.
- Cybersecurity training and awareness: Most malware targeting SMEs are often spread via phishing emails, and the weakest link in the chain is often employees. It is therefore crucial to train employees on how to identify and avoid potential threats of this type with training and support of relevant security tools.
“Hybrid working has complicated security for SMEs, fostering the need for a simple, consolidated security platform. More and more companies want to invest in cybersecurity to safeguard and drive business growth” shares Rebecca Law, Country Manager, Singapore, Check Point Software Technologies.
“However, with the growing shortage of skilled cybersecurity professionals, they need a solution that offers full coverage protection without complicated installation and integration processes, preferably one that delivers proven threat prevention and the flexibility of an ‘all-in-one’ solution that combines security and internet connectivity.”