Cybersecurity for SMEs: Stay Ahead in the Flux of Change!
Cybersecurity has become a necessity no matter your business size.
The growing momentum of digital transformation of business, thanks to the pandemic, has created a ripple effect of the need for greater protections. While Australia may not be a leader in this space, other countries and regions are tightening regulatory measures. So, if your company does business with people based in areas such as Europe, for example – you’ll have greater responsibilities.
You may want to invest in cyber security skills in-house or outsourcing, but that’s where CEOs’ second top risk comes in, finding the right talent in the tight labour market. KMPG says Australia needs about 6.5M digital workers within the next three years.
Digital technology is the theme linking CEOs’ top five risks for 2024, including regulation, digital transformation, and cost controls. Most businesses, though, view technology as a ‘black box’ and their staff’s digital literacy has limitations. The KPMG survey found that CEOs tend to feel out of their depth to deal with:
- Cyber attacks
- IT system failure
- Software upgrade malfunction
- Detecting spyware.
And those risks are within their business, what about the business ecosystem in which SMEs operate?
Supply chain attacks
Your business may have the right staff, ongoing training, robust systems, and processes to shield against the worst of cyber breaches. But what about your supply chains? And those of your suppliers?
According to the World Economic Forum (WEF), more than half of organisations across the globe say they don’t understand cyber vulnerabilities in their supply chain and third-party risks. They lack visibility into their supply chains. This is concerning because a 2023 report found that 98% of organisations have a link with one or more third parties that have experienced a breach since 2021.
How can your SME ‘vaccinate’ itself against those kinds of close encounters?
The WEF report talks about establishing common ground with those in your supply chain, regulators, government agencies, and industry peers. You can do this by implementing these overarching goals:
- Enhance the quality and quantity of industry collaborations, ask your supply-chain partners for proof of their cyber security updates every 12 months
- Gain clarity about regulations
- Invest in cyber insurance to protect your business.
The rise of doppelganger
An emerging cyber risk for SMEs is the advent of doppelgänger, criminals who steal identity to access vulnerable accounts in businesses or organisations. These ‘bad actors’ use legitimate users’ digital identities leaving the latter unawares.
Here’s the havoc doppelgangers could wreak on your business:
- Ransomware attacks
- Significant business interruption
- Financial losses
- Long-term reputational damage
- Potential regulatory penalties.
Keep a close eye on who’s authorised to access the IT accounts in your business. Ensure they practice top-notch digital hygiene and preventative methods to boost your IT system’s health and security. Basics include two-factor authentication, frequent password changes, and regularly reminding staff, managers, and board members not to click on malicious links.
Similarly, lookalikes should also be on your radar. For example, criminals may use letters like the bona fide email domain name of one of your suppliers. Cyber security firm Kaspersky offers this one: You receive an email sent from the address JOHN@MlCROSOFT.COM. That looks kosher, or does it? Their address is john@mLcrosoft.com.
Another cyber hacker tactic is to register a website domain in languages that don’t use the Latin alphabet. This means ‘you won’t be able to distinguish if they’re using a Greek “ο”, Russian “о”, or Latin “o” in, say, a supposed ‘Microsoft’ website. So, it’s not just misspelt domain names you should be alert to.
New challenges of AL and cyber
Generative artificial intelligence (GenAI) keeps gathering steam. IBM’s Security Intelligence update lists these issues on the horizon:
- GenAI makes ‘customer acquisition’ easier for cyber criminals – they’ll crunch through big data swiftly to create profiles for would-be targets
- AI will be used to scale a malicious campaign – much like the supposed inaugural cyber attack circa 1988, called the Morris Worm
- Embedding AI into your IT infrastructure creates new risks, so focus on your critical data
- Cyber security analysts will be elevated within their organisation in line with their greater responsibilities
- Criminals will ‘harvest now and decrypt later’ when quantum computing becomes more available.
There are no silver bullets for this year’s suite of new cyber security risks. Ensure risk management is part of your everyday processes. We’re here to help you customise insurance coverage for these new cyber risks.
Book An Appointment
Submit a Claim
Contact Us