- 58% of cyberattacks target small business.
- Only 14% of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective.
- 60% of small companies go out of business within six months of a cyberattack.
- 48% of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.
The global Cyber Exposure Index ranks South Africa sixth on the list of most-targeted countries for cyberattacks, with the highest concentration of exposed businesses scoring 300+ on the Exposure Index (representing extreme exposure).
Based on data collected from publicly available sources in the dark Web, deep Web and data breaches, the Cyber Exposure Index ranks companies based on the number of findings sourced and the risk that those findings represent.
According to the Microsoft Security Report South Africa 2017, the most common malicious software category in South Africa in 2017 was Trojans, encountered by an average of 3.85% of all computers each month, followed by worms (encountered by an average of 0.91% of all computers each month, and then obfuscators & injectors, which were encountered an average of 0.3% of computers each month.
South Africa is a particularly attractive proposition for cybercriminals, and while the Cyber Exposure Index reveals that much of the data collected are from large enterprises and small and medium enterprises (SMEs) are particularly vulnerable. Being smaller doesn’t make you immune to the attacks that large enterprises face — just the opposite in fact!
Find out how to protect your SME with Microsoft Office 365 — download the white paper today.
The need to mitigate cyber risks within the SME space
While data breaches that affect millions of Facebook users make headlines, SMEs going out of business because of a malicious software attack do not.
According to Verizon’s 2018 Data Breach Investigations Report, 58% of all breach victims were categorised as small businesses, and there is every reason to believe that South Africa follows this trend, particularly as many SMEs believe they lack the funds to invest in top-tier cybersecurity.
The PwC 2018 Global Economic Crime Survey ranks cybercrime as the second most frequently reported type of fraud and identifies it as the most disruptive and serious economic crime expected to impact organisations in the next two years.
While cloud solutions have made enterprise-grade cybersecurity available to SMEs, the fact remains that many small and medium businesses either do not know what’s available to them, or don’t believe they’re targets.
The net result is that SMEs remain vulnerable to attacks and often lack appropriate response and resilience capabilities that can restore normal operations in the aftermath of a successful cyberattack.
Consider a denial-of-service threat — an attack meant to shut down your machines or networks, making them inaccessible to intended users. These attacks often target SMEs because hackers know how devastating the cost is when time and efficiency mean money — and the difference between an SME’s ability to keep the lights on and salaries paid or close its doors.
Large enterprises can survive cyberattacks. For SMEs, they can be far more devastating.
SMEs also might be smaller targets, but they’re attractive nonetheless, mainly because hackers expect that they don’t have the available cash flow to pay for expensive IDS and IPS DDoS protection, making them attractive targets. SMEs are also “softer” targets that hackers can use to access the data of larger, enterprise clients.
What does all this mean for SMEs, though? There’s a reason that hackers take a chance on SMEs — many businesses in this space don’t have IDS and IPS DDoS protection. They are softer targets.
Further compounding the risk for SMEs is legislation such as Europe’s General Data Protection Regulation (GDPR), which threatens fines of as much as R300-million should a European Union citizen’s personal data be compromised due to ineffective data protection. The South African Protection of Personal Information (Popi) Act also puts the responsibility for the protection of personal data squarely on the shoulders of businesses — and SMEs are not exempt.
In the event of a data breach, SMEs face a dual risk as the cost of recovery is possibly matched by the hefty fines imposed by the South African and EU governments, not to mention the reputational damage that may result.
- This promoted content may have been paid for by the party concerned