Since small and medium businesses, charities and not for profit organisations are now the bread and butter of cybercriminals targeting.
Isn’t it about time that we started to look at the reasons?
Reason 1 – SME’s have a lack of expertise!
The digital world is complex.
Every area requires a different set of skills and knowledge. There are areas where some of the skills and requirements flow from one area to another, but these are definitely an uncommon occurrence.
The skills to implement and manage a website are different from networking which in turn are different from the requirements for coding. Its not the fact they are different, the problem is the required level of skill to do it correctly.
Anyone with a little bit of help can write code, but to write it correctly, securely and properly requires years of skill and practice.
When it comes to the business world, we have a significant requirement for using the digital world. In most cases, we see the introduction of a digital component into an organisation as easy.
It is not. To implement and configure is easy. To implement and configure securely, correctly and in a way that will benefit the organisation takes more than a fundamental underlying knowledge.
Reason 2 – SME’s have a lack of time!
Most SME’s are doing more with less just to keep themselves in profit. Throw in another complicated process or system and they now have more to do with the same amount of time.
Business security takes time. To secure an organisation takes time.
A solution is to employ someone on staff to manage the ICT and we will then give him the role of security professionals. Getting someone with the required skills will cost money.
The second alternative is to enter a service level agreement (SLA) with a Managed Service Provider (MSP) and contract the support of the OCT and security to someone else. Again this requires the correct skills as well as culture.
Both options will free up some time.
Reason 3 – SME’s have a lack of money!
Security solutions for SME’s can be expensive. When it comes to technology and the integration of different technologies into the business environment we see some significant costs.
Comparing the costs of a breach to the costs of putting the right technology in place, it is a no brainer, but not until after the fact.
SME’s have the same compliance and governance of multinational corporations but do not have the resources to implement tier 1 or 2 technological solutions.
They make do with what is available and inexpensive not realizing the impact of these additional vulnerabilities can have on their business.
We know the problems here are some solutions
To reduce all three of these issues, as already mentioned is a contractual agreement with an MSP or a Managed Security Solution Provider (MSSP).
They bring the required expertise, they free up time and in most cases they are a viable and cost-effective.
A better solution is to look for an Organisation that has normal MSSP skills but has the capability to add additional security components around your Organisation.