Some of the biggest beneficiaries of technological evolution are small and medium-sized enterprises (SMEs). It was not long ago that companies would have to engage web development specialists to create a simple website, at considerable cost and time. Nowadays, online platforms like Wix, Squarespace and others allow anyone to create an amazing website quickly and at low cost.

The same can be said for online storage. Where companies would previously need an in-house server, cloud storage solutions are easily accessible for smaller companies today. Almost every service you can think of, from e-mail and team management software to accounting solutions, has been improved by technology, and made cheaper and more widespread.

A result of this improvement in quality and lowering of costs has been the mass adoption of digital technology by start-ups and SMEs. The term “digital transformation” can mean different things to different people, from the deployment of high-end Machine Learning and Artificial Intelligence to leveraging automation software, or simply digitalising previously manual work, such as generating invoices online instead of on paper. Ultimately, it is the greater adoption of digital technology to perform more tasks.

Digital transformation has undoubtedly been a good thing, with technology lowering the costs of doing business, and allowing SMEs to become nimbler and more flexible. However, there are significant cybersecurity risks to digital transformation, which SMEs are uniquely vulnerable to, especially relative to larger firms. Regardless of location, the costs of cyber attacks are substantial, with small companies suffering up to US$120,000 per Denial-of-Service (DOS) attack according to Infoblox’s Q4 2021 Cyberthreat Report.

Multi-level threats against SMEs

As more SMEs move to cloud-based services for storage, sharing and collaboration, malicious actors will target the cloud and exploit its vulnerabilities. Photo: Canva Pro

Attacks on SMEs can come in many different forms. One example is spear-phishing, where convincing messages are created after various methods have been used to profile the targets, making it harder to resist. The intent can be to either steal data from the victim or install malware onto their system.

Another growing trend is brand imitation, whereby scammers seek to imitate websites of companies using similar URLs, webpage designs, logos etc. Unsuspecting users would then be drawn to sharing sensitive information, such as credit card details.

The recent phishing scam involving OCBC Bank featured a form of brand imitation, where the attackers sent imitation SMSs posing as the bank to unsuspecting victims claiming that there were issues with their bank account or credit cards. The victims would then log in using the link provided, only to lose their savings.

Social media has also become an increasingly popular hunting ground for cyber criminals as personal information has become so easily and readily available. Instagram posts on birthday celebrations or even photos of home office setups during lockdowns may seem innocent, but they could expose users, and put personal and critical data at risk. Hackers can use this information to build a convincing impersonation, which could then be used to target victims with phishing scams.

Lastly, as more and more SMEs move to cloud-based services for storage, sharing and collaboration, malicious actors will target the cloud and exploit its vulnerabilities. According to CrowdStrike’s Global Threat Report 2022, one common tactic is credential theft, where hackers host fake authentication pages to harvest authentication credentials for cloud services such as Microsoft Office 365, and use these credentials to access users’ accounts.

How SMEs can protect themselves

Apart from implementing cybersecurity tools, SMEs should also raise the awareness of cybersecurity among their employees through training. Photo: Canva Pro

As cyber attacks become increasingly sophisticated, SMEs also need to adjust their approaches to cybersecurity. Technology improvements have helped to lower the costs of digital solutions and has also led to high-quality but easily accessible cybersecurity software.

With many SMEs employing a distributed workforce, beefing up endpoint protection is crucial for companies in securing their remote and on-premise workforce. Organisations should make sure their computers’ software, as well as anti-malware and anti-virus tools are up to date.

Taking this one step further, more integrated solutions such as a combination of CrowdStrike, Netskope and Okta that securely enable remote work at scale should be deployed, especially for SMEs with a large, distributed workforce. These solutions provide what is known as “endpoint security”, which provides protection from the individual users’ smartphones and laptops all the way through to company servers and cloud ecosystems.

These “cluster” type solutions protect the SME’s endpoints (i.e. mobile phones, laptops etc), provides web and cloud security and data protection, and offers strong identity management. The combination is designed to address the security gap that businesses face as they undergo digital transformation (e.g. transitioning their IT from on-premise to cloud) and cloud application adoption.

However, cybersecurity tools alone are not enough in preventing cyber attacks. Companies should also raise the awareness of cybersecurity among their employees through training.

Education on observing basic cyber hygiene is key. This includes changing passwords regularly, employing two- or multi- factor authentication, as well as ensuring that employees working remotely use company-regulated hardware instead of their personal laptops or phones, which may not be as secure.

Given that remote working is here to stay for the foreseeable future, and hackers will continue to become more sophisticated, SMEs need to step up their game in order to combat future cyber threats. A holistic approach to cybersecurity involving both individual efforts as well as a top-down approach is crucial to protecting companies against attacks.

About the Author

Joey Lim | Country Manager, Singapore | Exclusive Networks

Joey Lim graduated from the University of London (SIM) with a Bachelor of Science in Management, First Class Honours with silver award. With over 20 years of IT and sales excellence experience, she has effectively streamlined sales team structure, drove transformation and profitable growth, demonstrated a proven track record in maintaining high potential talent retention, and nurtured and developed the next level of leadership. Joey joined Exclusive Networks in 2020 as the Country Manager for Singapore. Prior to joining Exclusive Networks, she worked in Reseller, Vendor & Distribution organisations.