// EDITOR’ S QUESTION //

Every month, we pose industry experts a question pertinent to the issues of the day. This month....

AJ Thompson, CCO, Northdoor

SMES MUST TAKE THESE THREATS SERIOUSLY AND UNDERSTAND THE CONSEQUENCES OF INADEQUATE PROTECTION. yberattacks are becoming

The threat from cybercriminals is increasing in regularity and sophistication. No longer just enterprise level organisations under attack, SMEs are now prime targets. Without better protection, SMEs face attacks with potential to damage infrastructure, finances and reputation.

Recent research reveals cybercriminals constantly attack UK SMEs, with half suffering an attack in the last year. Two-thirds of those attacked subsequently experienced increased incidents. This pattern is telling – once identified, vulnerable SMEs will be repeatedly targeted, increasing chances of breaches and significant damage.

Indeed, 54 % of SMEs have suffered financial loss due to cyberattacks. With today’ s acute financial pressures, any additional strain is potentially disastrous.

Research shows ransomware and phishing are the most common attacks on SMEs. Both target employees, often considered the weakest links within companies. This vulnerability has been exacerbated by pandemic-driven changes in working practices. With many employees working remotely, protection levels and concentration are frequently compromised.

Cybercriminals have recognised this, increasing their efforts and sophistication to trick employees into providing access to data and infrastructure.

When lockdown was introduced, SMEs quickly implemented solutions allowing remote work. This successful adaptation overcame business leaders’ technology concerns and boosted confidence in IT solutions.

However, this confidence sometimes became overconfidence, with companies rapidly implementing technology without necessary due diligence regarding integration with existing infrastructure. Some SMEs applied this approach to security solutions, implementing software addressing only specific problems. Such isolated solutions, implemented without understanding organisational vulnerabilities, leave businesses at significant risk.

With cybercriminals exploiting any weakness, proper security implementation is critical. A single solution is typically insufficient for comprehensive protection and regulatory compliance.

Many SMEs now turn to IT consultancies offering managed security solution ecosystems. This approach enables monitoring and countering multiple threats before business impact occurs. Managed services also ensure regulatory compliance, particularly regarding consumer data protection. Most SMEs operate with small IT teams; expert support not only enhances security but frees overstretched internal resources to focus on core business activities.

Cybersecurity threats will only intensify in coming months, with 64 % of European business leaders expecting a cybersecurity incident in the next 12 months. SMEs must take these threats seriously and understand the consequences of inadequate protection. Working with security experts provides access to experience, expertise and appropriate solutions needed to counter the growing threat landscape.

20 Intelligent SME. tech