Small and medium-sized businesses (SMBs) need to pay attention to cybersecurity to keep their own IT environments and their customers’ data safe, especially since there has been an upsurge in cybersecurity attacks globally – and South Africa has not been spared.

There has been 30% year-on-year increase in cyberattacks globally, with Africa experiencing the highest volume of attacks per organisation per week, according to a Check Point Research’s Q2 2024 report.

Almost all SMBs today have some type of technology infrastructure and are connected to the internet in some way to conduct their business. They can’t effectively operate without technology or being online in today’s world, and SMBs are not immune to cyberthreats.

“All SMBs have a basic IT infrastructure, which needs protection, but they might not have insight and the correct security controls to safeguard their environments. They need more than just general IT management; they need improved governance of their IT security,” says Hugo Strydom, director at CyberStack.

CyberStack, a cybersecurity solutions provider, is focused on assisting SMBs to fortify their IT environments and become cybersecurity ready.

The 2024 Cisco Cybersecurity Readiness Index found that only 3% of respondent organisations qualify as mature with regards to cybersecurity. The index found that the evolving threat landscape, resource challenges and complexity of networks, as well as cloud and applications, are taking a toll on today’s organisations.

Security assessment importance

There are a number of cybersecurity frameworks that could be utilised, including ISO 27001, Centre for Internet Security (CIS) Top 18 and the National Institute of Standards and Technology Cyber Security Framework (NIST CSF).

“We generally follow the CIS Top 18 framework and cybersecurity controls as a solution for SMBs, because they can relate to this framework better. It is uncomplicated and fit-for-purpose and is effective in addressing the needs of most SMBs’ cybersecurity concerns,” notes Strydom.

SMBs require a comprehensive cybersecurity assessment of their IT environment to be completed when they are looking at cybersecurity management solutions.

“We always start with a vigorous cybersecurity assessment when we work with a new client. This allows us to identify where their most important cybersecurity areas of concern are, and we can then determine what is needed to address those issues, giving us a basic plan of remediation,” he says.

CyberStack uses CyberXposure to perform assessments of SMBs’ IT environments, which draws up a risk matrix that highlights where exactly the company’s cybersecurity gaps are.

Key cybersecurity controls

According to the Interpol Cyberthreat Assessment Report for 2021, 90% of African businesses were operating without the necessary cybersecurity frameworks in place. This motivated the company towards decreasing this figure among South African SMBs.

Following the CIS Top 18 framework, CyberStack sees the following as the key controls for SMBs: Most important is to identify what IT hardware assets an SMB has (control 1). Secondly is to identify what software an SMB runs on those hardware assets (control 2).

“These are the first two key controls that need to be addressed, not only for SMBs, but any sized business,” says Strydom.

“From there, we look at implementing data protection (control 3), malware defences (control 10), as well as e-mail and web browser protection on those assets (control 9). We consider all of these as the key security controls to address without delay.”

Secure configuration of assets and software (control 4) is another CIS Top 18 cybersecurity control, which Strydom considers a key control for SMBs. This control secures end-user devices, including portable and mobile; network devices; non-computing/internet-of-things devices; and servers, as well as software (operating systems and applications).

A lot of SMBs use cloud-based applications for their operations, and while these applications have several security settings, out of the box these settings aren’t always enabled by default.

“SMBs don’t always know about these additional settings that need to be enabled. CyberStack will ensure that this is checked and that the necessary controls that apply for individual SMBs are in place,” Strydom says.

Start cybersecurity immediately

For SMBs, depending on the size of their IT environment, there are a lot of common cybersecurity controls CyberStack can implement and imbed within six to 12 months.

“To implement the full CIS Top 18 cybersecurity controls takes us between 12 and 24 months. The sooner we start, the sooner the SMB will be adequately protected and the better its cybersecurity posture will be,” Strydom says.

Cybersecurity threats will continue to increase as technology advances. Get a specialised cybersecurity provider, like CyberStack, to help identify your business’s specific cybersecurity needs and to implement key controls to ensure your SMB stays safe and secure, now and into the future.

About CyberStack
At CyberStack, we’re dedicated to fortifying your IT environment with state-of-the-art cybersecurity solutions and comprehensive IT services. With over 50 years of combined experience in the industry, we’ve evolved into a trusted ally for businesses seeking to enhance their cybersecurity, streamline their IT operations, safeguard their data, optimise their IT infrastructure and propel their business forward.