For the production fabric in general and for Spain in particular, SMEs play an important role. According to CEPYME (Spanish SMEs business organization), companies with 10 to 49 workers have had a very high employment generation rate in recent years and are now struggling to find qualified workers.
CEPYME warns of around 100,000 unfilled vacancies, which together with other problems such as rising raw material and energy costs, in addition to financing problems (with the continued increase in interest rates), adds yet another big problem: cyber-attacks.
Increase & evolution of cyber-threats on SMEs.
In recent years, we have seen how cybersecurity threats have, if anything, increased in number and complexity, with a lack of effective protection in SMEs, giving rise to the perfect storm. Cybercrimes are continually growing. Currently, research reveals that a fifth of all crimes committed in Spain are online, while traditional crimes are decreasing. This is due to the popularization of new technologies and Internet, to which we all have access as individuals, but which is key to companies. Businesses need digitalization to improve their processes and operations, and to interact with customers, where the center of everthing is the data that they handle.
For cybercriminals, data is very valuable. For example, they can use bank accounts, personal details, credit cards, etc., for extortion or profit purposes. Today’s cyber-attackers have access to a wide range of tools, such as Phishing and malware. Also, the Internet lets them communicate, work together and operate like an organization, with a structure just like any other technological company, where they adapt and devise new ways of committing crimes that they can benefit off of (e.g., Phishing campaigns).
According to a Hiscox report carried out in several countries, 44% of SMEs suffered at least one cyber-attack in 2021, and these are expected to have increased in 2022. Cyber-attackers have been focusing their attention on small and medium-sized companies, where security measures are usually lax or even non-existent. This is due to lack of awareness or the false belief in SMEs that cyber-attacks only affect large companies. It is a problem that has become acute, since for an SME, the consequences of any stoppage in its systems can be so grave they can even lead to closing the business. And this has been the case for many SMEs in the past year. They are also a common target of extortion asking for a financial ransom to release data, or victims of theft of personal information.
For the most part, threats are usually related to loading a Crypto locker Ransomware, or stolen credentials, which can reach companies through any of various cyber-attack vectors:
1 Attack vector distribution
- Phishing: commonly carried out over the Internet, this type of fraud involves sending emails or text messages that appear to come from a reputable source (e.g., our bank or a transport company), with the intent of obtaining confidential information, such as passwords or bank account details.
- Ransomware: a type of malware that downloads onto a computer and blocks access to data or programs until a ransom is paid.
- Other types of cyber-attack: these may be related to privacy, use of surveillance cameras to obtain videos and images, collection of personal data, photos, documents, and so forth.
How SMEs can protect themselves from these cyber-attacks.
There are a wide range of security measures that can be taken, and not all of them are so expensive as to be unaffordable for these companies. Adhering to a few guidelines is paramount, as is the use of accessible tools that support said SMEs:
- Use of strong passwords: Using sufficiently complex passwords for all your accounts while avoiding re-using the same password for all sites.
- Verify the veracity of messages: always question whether the received message comes from whoever claims to have sent it, and check this if possible. Never click on or reply to links within a message.
- Enable two-factor authentication: Two-factor authentication is an extra measure of security that requires entering an access code (such as a password or verification code sent over SMS) to access an account.
- Keep devices up to date: It is important to keep devices updated with the latest available versions of operating systems, and to update programs with security patches to prevent vulnerabilities that cybercriminals can exploit.
- Use of an advanced Firewall: When working on a network where there are several computers with resources or data stored on them, a firewall device offering antivirus and browsing safeguards will help protect against malware and other types of cyberthreats.
- Using virtual private networks (VPN): A VPN encrypts your data before it is sent over the Internet when you work remotely. It also allows you to access network resources in a secure manner, which helps to protect against cyber-attacks.
- Data backups: A data backup policy that allows storing data outside the organization is a very important means of recovering business operations in the event of a disaster or cyber-attack.
All this together with other measures such as raising awareness among employees, so they understand the risks in relation to cyber-attacks. It might also be more than worth their while for SMEs to take out cyber insurance, which can cover them in the event of a cyber-attack that halts business, or negatively impacts their operations or financial situation. It could be the difference between a business closing its doors or being able to continue operations.
Proper security measures need to be put in place to ensure company operations. Some countries already have a strategy to protect this productive fabric. In the case of Spain, which has a larger number of these companies generating a good deal of employment, said strategy becomes key. The Spanish government has released some initiatives, such as the Digital Kit program, which fall under cybersecurity. This is a great help for SMEs with subsidies granted for the purchase of this type of solution.
New generation FW technologies (NGFW, VPNs, etc.) go a long way towards helping to protect companies’ local data, together with contractable cybersecurity services – such as browsing safeguards to prevent access to compromised sites and links, or email clean up services that can identify malicious links. Services with a lower total cost of ownership that are capable of covering multiple scenarios, are the best tools for companies.
Teldat is a leading provider in the cybersecurity space. With its tools like be.Safe, it allows the application of advanced security policies (with data protection) to remote users and sites. It also offers cloud-based cybersecurity services to block browsing threats (based on the reputation of the site being accessed) and analyze traffic in depth, stopping threats (including email-based ones) before they ever reach the users.