Intelligent SME.tech Issue 46 | Page 21

intelligent

// EDITOR ’ S QUESTION ?

WILL GRAY , DIRECTOR OF NORTHERN EUROPE , SECURITYSCORECARD

A s organisations and individuals become increasingly dependent on digital infrastructure , cybercriminals are quickly adapting their tactics , techniques and procedures . The scale of the issue can seem daunting to SMEs , particularly when even the most well-prepared and well-funded security teams are sometimes no match for sophisticated threat actors . For instance , a recent report analysed the cybersecurity of the UK ’ s FTSE 100 and found that 97 % of those companies had experienced a breach in their third-party ecosystem in the last year .

While large enterprises typically make the news in the wake of massive cyberattacks , the downstream impact on small- and mediumsized enterprises ( SMEs ) can be devastating . Take , for instance , the cyberattack on Change Healthcare , a major player in medical claims processing in the United States . With the company forced to disconnect over 100 systems , medical claims processing stopped , which brought many SME medical providers to the brink of closure .
So , what can an SME do to protect itself ?

1

Identify single points of failure : This means mapping the critical business processes and technologies to the people that power them to identify any single points of failure . Additionally , it ’ s key to figure out the third parties that Business Continuity depends on and create a ‘ watch list ’ to keep an eye on these ‘ single point of failure ’ vendors .

2

Continuously monitor your external attack surface : Take advantage of automation to continuously scan your IT ecosystem for control weaknesses .
From there , alerts will be directed to a security incident and event management ( SIEM ) system .

3

Collaborate and communicate with vendors : Identifying cybersecurity concerns across your global vendor landscape and partnering with those vendors to improve is key . Use an automated solution that passively monitors your vendors ’ IT deployments to give you valuable visibility into how well they manage cybersecurity risk .

4

Operationalise vendor cybersecurity management : To save considerable amounts of time , employing a cybersecurity managed service can streamline vendor management for your business . Cybersecurity managed services can own communication directly with third parties to resolve issues on your behalf , including providing support that enables risk resolution .

5

Additional cybersecurity measures : In addition to these steps , SMEs would benefit from increased employee awareness training to ensure that all staff members and stakeholders are trained in cybersecurity best practices . An organisation is only as strong as its weakest link , so teaching everyone how to recognise phishing scams or malware attacks is a key step in bolstering cyberdefences .
It ’ s also important for SMEs to periodically assess supply chain systems and digital processes for vulnerabilities , while also keeping all software used throughout the supply chain up-to-date , including security patches that protect against recently discovered threats .

THE SCALE OF THE ISSUE CAN SEEM DAUNTING TO SMES , PARTICULARLY WHEN EVEN THE MOST WELL- PREPARED AND WELL-FUNDED SECURITY TEAMS ARE SOMETIMES NO MATCH FOR SOPHISTICATED THREAT ACTORS .
Intelligent SME . tech
. tech
21