South Africa is a particularly attractive proposition for cyber criminals. The global Cyber Exposure Index ranks South Africa third on the list of most-targeted countries for cyberattacks. Small businesses are not immune to this – far from it: one global study suggests that 58% of all breach victims were categorised as small businesses. . And without access to the same skills and technologies as larger enterprises, small businesses remain vulnerable to attacks and often lack appropriate response and resilience capabilities that can restore normal operations in the aftermath of a successful cyberattack.
Window of opportunity
Thanks to supportive legislation regarding enterprise development in South Africa, many SMEs are access points into far larger (and potentially more lucrative) supply chains. This means an SME may not be a cybercriminal’s ultimate choice of target, but a successful breach could expose larger organisations to attacks and leave the SME as collateral damage. The effects could be catastrophic in a country where 70% of SMEs fail within the first two years. Although no accurate data exists locally, government data in the US found that 60% of SMEs never recover from a successful cyberattack and close doors within six months.
Further compounding the risk for SMEs is legislation such as Europe’s General Data Protection Regulation (GDPR) which threatens fines of as much as R300-million should a European Union citizen’s personal data be compromised due to ineffective data protection. The South African Protection of Personal Information Act (POPIA) will also put the responsibility for the protection of personal data squarely on the shoulders of businesses – and SMEs are not exempt.
In the event of a data breach, SMEs face a dual risk as the cost of recovery is possibly matched by the hefty fines imposed by the South African and EU governments, not to mention the reputational damage that may result.
A cyber resilience strategy for SMEs
Consider that 91% of all hacking attempts are initiated via email: all it takes is one employee clicking on a malicious link, opening a compromised attachment or sending sensitive information to an imposter, and the business is left exposed to significant cyber risk. Small businesses are not left entirely defenceless in this regard.
Cyber resilience for email has emerged as a go-to strategy for businesses large and small in the fight against cyberattacks. Modern solutions that secure email are available to businesses of all sizes. The right solution should offer comprehensive protection against malware, spam, phishing and targeted threats like impersonation attacks and spear-phishing, while also simplifying and streamlining email management. Cloud-based security solutions allow SMEs to boost their cybersecurity by accessing security services they would not normally be able to afford.
Effective cybersecurity awareness training adds another layer of prevention to SMEs who may lack the funds to invest in top in-house cybersecurity skills. By empowering employees with the right training to identify and act upon potential cyber threats, SMEs create a human firewall around their critical business data.
The PwC 2018 Global Economic Crime Survey ranks cybercrime as the second most frequently reported type of fraud and identifies it as the most disruptive and serious economic crime expected to impact organisations in the next two years.
SMEs should stop believing that they’re too small for cybercriminals to care about. They care very much – too much, in fact. Organisations of all sizes need to seriously review how prepared they are for a cyberattack and ensure they have a comprehensive cyber resilience strategy in place. They should focus on how to reduce risk and business disruption by implementing solutions that provide comprehensive security controls before, continuity during, and automated recovery after an attack.
By Heino Gevers, Customer Success Director, Mimecast