Technology for MSMEs: The term cybersecurity has been much discussed in boardrooms, even more so in the last year, as the pandemic stirred enormous disruption across industries, leaving businesses affected regardless of their size. While cybersecurity has been emphasized more in recent times, it must be noted that cybersecurity has gained prominence only about five to six years ago. It was the phase when novel technologies such as artificial intelligence, big data, and analytics had become the buzzwords and digital transformation journeys of many large organizations were in the nascent stages. As big enterprises began their digital transformation initiatives, the associated security threats were realized, which eventually underlined the need for advanced security strategies.
Organizations with huge IT infrastructure and dedicated IT teams led by Chief Information Officers and Chief Technology Officers, were equipped with the right resources to gain an understanding of the evolving threat landscape and plan their strategies accordingly. These big organizations in the Indian market largely include those in the BFSI industry, which is at the helm of investments in emerging technologies and advanced cybersecurity frameworks. The banking sector is more tech-savvy now than it was a decade ago.
Over a period of time, however, the focus on cybersecurity has taken the shape of an inverted pyramid. What was once initiated and adopted by big corporations in specific industry verticals has now gained acceptability among the mid-market and smaller businesses as well, or commonly referred to as MSMEs.
The trend has reached the middle and bottom of the pyramid, but the level of awareness and implementation of cybersecurity is still debatable. This can be understood from events in the last year. As the pandemic struck and disrupted businesses, the big organizations have been less affected because they had a robust IT and cybersecurity infrastructure to absorb the impact. Whereas, MSMEs have been hit hard, faced by cyber-attacks from every direction. This has made small and medium-sized business owners realize their exposure to cyber threats, how it can affect their business, and the need to understand advanced cybersecurity practices. Reiterating the popular saying, “experience is the best teacher”, MSMEs have learned a lot about cybersecurity through their challenging experiences. This has brought a significant change in their outlook towards the business.
The fundamental challenge for MSMEs is the lack of understanding of the quantum of a cyber-attack. Unlike large companies, small businesses don’t have dedicated teams for Cybersecurity and cyber defense. While some medium-sized firms may have a limited IT resource, they might not be skilled enough to understand today’s complex and evolving cyber threat landscape. Limited capital often acts as a hindrance in hiring highly skilled resources. While this is a challenge, it can be overcome up to a large extent with several measures, starting with awareness.
Awareness forms the crux of a robust cybersecurity framework for any establishment, irrespective of its size. The cybersecurity journey of any MSME should fundamentally start from an awareness level. It is critical to invest in upgrading their knowledge about the market that their businesses operate in, what are most prevalent cyber-threats affecting them and what are the most critical assets of their businesses. It’s only when MSME entrepreneurs understand what is at risk and what to protect, that they can identify the right cybersecurity solutions to implement.
In a service rendering business such as a law firm, for instance, the most critical asset would be the knowledge of their people and critical information stored on computers in the form of documents. The cybercriminals planning an attack would want to cause maximum damage to the firm by identifying the most valuable asset of the company, finding vulnerabilities, and launching an attack such as ransomware, wherein information is held hostage and a ransom is demanded, similar to a hostage situation shown in movies. Hence, awareness regarding the threat vectors is imperative. Furthermore, foundational awareness also helps in mitigating the cyber-attack and identifying a plan of action in case of any incidents.
Another major factor is the level of awareness; it plays an instrumental role in building cyber immunity among businesses. Cyber immunity can be achieved only when business leaders realize that building their own awareness is not enough. Sensitizing your staff, partners and customers hold equal significance. All stakeholders need to gain the same level of cyber hygiene in order to build a truly resilient business environment. Technology must be looked at as a tool that can be leveraged to strengthen the cybersecurity posture, however, humans are still pivotal in any MSME. If one link of the human chain is weak, it could compromise the entire business operation. Machines don’t make mistakes, humans do, hence, empowering the workforce is a key step in the cybersecurity journey.
While we discussed how awareness at all levels is imperative, many MSME entrepreneurs might lack direction in terms of how to build awareness in the first place. India is an MSME hub, with many new entrepreneurs emerging from Tier 2 and Tier 3 cities selling diverse products and services – a large proportion of this MSME ecosystem is going digital. The internet marketplace has catalyzed their growth opportunities in a way that was never seen before. The MSME economy is driven by entrepreneurs from various walks of life and only a few might possess basic IT knowledge. They may need to engage with local authorized channel partners who would help them in risk assessment and suggest the right cybersecurity solutions. Whereas medium-sized organizations with adequate capital could engage with consulting firms and managed security service providers who could not just provide visibility of the threat vectors, but also provide managed cybersecurity services, without requiring the business to invest in skilled IT security resources.
To conclude, as MSMEs realize what’s most critical for their business, how it can be attacked, and what could be the impact of such adversity, it will help them identify the right kind of cybersecurity solutions that they should implement and get the best out of their investments.
Dipesh Kaura is General Manager at Kaspersky (South Asia). Views expressed are the author’s own.