Securing SA SMEs: Protect now to ensure tomorrow

Knowing they are prime targets for exploitation, but being unable to afford in-house expertise, SMEs turn to managed service providers for cyber security.
Ethan Searle
By Ethan Searle, Business development director, LanDynamix.
Johannesburg, 24 Jun 2024
Ethan Searle, business development director, LanDynamix.
Ethan Searle, business development director, LanDynamix.

Small and midsize enterprises (SMEs) are defined as businesses with revenues, assets, or a certain number of employees below a set threshold. Moreover, different countries have their own definitions of what constitutes an SME, and with various guidelines across industries.

South Africa's Small Business Institute reports 90% of all businesses in the country are deemed SMEs − this contextualises the high rank of this sector in our economy due to its vital contribution to the GDP and, of course, it employs millions of people.

The institute notes SA’s SMEs employ 50% to 60% of the workforce and contribute around 34% to the GDP, making them an essential cog in the wheel of job creation, innovation and economic growth.

Given its impact, it is no surprise the SME sector is a prime target for cyber criminals.

The local failure rate for small businesses is one of the highest in the world, with approximately 80% of them failing in the first five years, notably due to issues that include a lack of access to tools and technology, skills deficit, market access and lack of funding.

Business owners carry an enormous responsibility to safeguard their own company’s data, as well as that of customers.

This is a daunting statistic for any entrepreneur in a start-up business focused on growth and building the operation into a saleable entity that will yield an income for life in retirement.

Let's take a quick look at the technology issue, the hardware and software, or lack thereof. Technology is a major business enabler that provides SMEs with the ability to reduce costs, gather and manage important information around customer buying habits, competitor activity and more.

The trick is having the most up to date technologies and knowing how to use it to gain maximum business advantage, and in today's digital age − how to secure it. This is where managed services comes into its own. One of the major advantages for small businesses that take this approach is cost, as often an outsourced team suits SME budgets better than managing a full internal team.

Forbes lists various reasons why SMEs should consider working with a managed services provider (MSP) and kicks off with the importance of cyber security. It notes the IT spending gap between enterprises and SMEs should not translate into weakened security for smaller organisations.

The global media company highlights the shift in today's workplace model from in-office to hybrid, to full remote. This turn of events has left IT teams with the task of securing an office model that was never anticipated.

Forbes cites Verizon's 2021 Data Breach Investigations Report, which reveals SMEs face increased threats of security breaches, with the alarming statement that they are faced with challenges as significant as those posed to large enterprises equipped with security operations centres and large IT teams.

The ability of SMEs to counter these threats is often inadequate. There are myriad of reasons for this, most notably the lack of resources available to SMEs to keep pace with the latest developments in cyber security.

Why? Costs for one thing − it is a daunting prospect for a small business to take on top/scarce and expensive cyber skills in-house. Then of course, there is the issue that business owners need to focus on running their businesses and not trying to be jack/master of all trades − IT, security and more.

Business owners carry an enormous responsibility to safeguard their own company’s data, as well as that of customers. In being blasé about this issue, they risk hefty fines for being in breach of compliance regulations and suffering permanent damage to the company's reputation in the market.

MSPs can deliver streamlined and cost-effective security measures and globally-competitive knowledge/technical skills without the headache and cost of hiring in-house.

Forbes confirms many SMEs are turning to MSPs for IT management and security, which is reflected in recent predictions that managed security services will grow from $31.6 billion in 2020 to $46.4 billion by 2025. A managed service can provide high levels of flexibility and scalability without the cost or complexity of enterprise solutions.

An MSP can provide invaluable guidance on best security and IT practices. Never underestimate the insider threat, whether it is through ignorance or malice − the damage inflicted from the inside can be significant. SMEs are identified as being reliant on passwords, usernames and combinations thereof. Forbes notes:

  • 47% of SMEs allow end-users to re-use passwords across personal and professional accounts.
  • 29% of SMEs rely on human memory for storing passwords.
  • 15% of SMEs use no tools whatsoever to protect or manage passwords.

These stats show this situation is nothing short of a ticking time bomb.

Driven by a desire to steal money through either extortion or theft directly out of bank accounts, cyber criminals are focused on accessing data. The main risks for small businesses are cited to be malware − software programs spread through internet downloads.

Phishing attempts are popular with cyber criminals who send bogus e-mails that purport to come from customers, suppliers, even managers/execs within businesses, all with one goal: to trick the recipient − staff − into opening attachments containing malware or entering login details on fake websites.

There’s also ransomware − extortion − locking down systems and the SME’s ability to trade until it is parted with its hard-earned cash.

SMEs are ripe for exploitation and there are many ways this can be done. But there are many ways it can be avoided through guidance from a knowledgeable and highly-skilled MSPs delivering not only best practices in cyber security, but advice on the right technology solutions that will grow and secure the business.

My next article will explore how technology can be a major driver of a company's sustainability, as it strives to turn into a desirable investment acquisition for potential buyers when wanting out.