Small and medium-sized enterprises (SMEs) are the backbone of any economy as they bring growth and innovation to the communities in which they operate. However, cyber-attack is one of the biggest threats to these companies, says Marketing Expert Andrew Huang.
More than 60% of SMEs do not have a data security policy, according to UNODC, the UN Office on Drugs and Crime. A recent study by FireEye, an American IT security company, found that more than 90% of SMEs worldwide have outdated IT security, which is why cybercriminals are bypassing multiple layers of security to attack them.
Moreover, 58% of SME executives minimise the risk of cyber-attack and do not think it is important, said the Ponemon Institute, an American research centre for data protection and information security.
« These figures clearly show that most SMEs do not have the capacity to defend themselves against this growing threat and do not even know when they have been the victims of a cyber attack because they do not have the tools to identify them. Their digital assets could be unprotected and at risk, even without their knowledge, « says Andrew Huang.
« Ransomware based on encryption encrypts files stored on computers and can spread over the network, preventing these companies from accessing their own data, » he explains.
Ransomware is a common cybercrime attack technique that sends the victim malware that encrypts all of their data and asks for a ransom in exchange for the decryption password.
According to this specialist in Synology, a company based in Taiwan, these types of ransomware are becoming increasingly sophisticated and may not be detectable by anti-malware software until it is too late. Once infected, a company can be deprived of its own data and there is no guarantee that it can be recovered even after paying a ransom.
Teleworking at risk
In this period of remote working, Andrew Huang believes that many SMEs have become vulnerable to cyber-attacks by distributing their data across multiple platforms and devices.
“While these new work models can contribute to business productivity, dispersing your data across servers, virtual machines, personal computers, and cloud/SaaS applications like Google Workspace and Microsoft 365 could actually put them at risk,” Huang warns.
“To secure data and comply with governance and compliance regulations such as the GDPR (General Data Protection Regulation), all devices and platforms must be backed up in a unified manner. However, this type of data management can become complex when some platforms are only compatible with specific backup solutions. In addition, it can be difficult to avoid costly licensing fees when software and hardware storage devices are purchased separately,” says Andrew Huang.
