In 2020, Malaysian SMBs (small and medium businesses) reported a total of 6,512 cybersecurity incidents. In total, 84% of Malaysian SMBs have been affected by cyber threat incidents with 76% having suffered more than one attack. Based on this data, it is clear that cybersecurity adoption is no longer an option, but a necessity for small and medium businesses to carry out their operations without facing cyber issues.
SMBs play an important role in the economy. According to the Asian Development Bank, SMBs account for an average 97% of all enterprises in the Asia Pacific region, while in Malaysia SMBs accounts for 38.9% of Malaysia’s GDP in 2020. Outlining the importance of prioritizing their protection against cyberattack on a local and regional scale.
However, while many SMBs have recently become more aware of digital defense, there remains a considerable gap between the confidence they place in their cybersecurity capabilities and their actual cyber-readiness. Approximately 73% of SMBs in the region still don’t have a dedicated cybersecurity team, and only 53% have antivirus solutions in place. Yet as more and more SMBs move towards work-from-home arrangements, the need to secure private and confidential data has become increasingly pressing.
Experts have identified five areas that SMB leaders should consider in order to increase their chances of keeping cyber criminals at bay:
1. Awareness and policy make up the first line of defense
There is a common misconception that SMBs are less prone to cyberattacks than larger corporations. The reality is quite the opposite: because of their limited resources, SMBs typically deploy the same personnel to oversee multiple business departments. This leaves their security systems highly susceptible to external attacks.
Moreover, often new vulnerabilities arise during times of change or transition. The COVID-19 pandemic has accelerated the shift from physical to remote working environments, emboldening a growing ecosystem of attackers who can exploit vulnerabilities caused by unsecured devices and networks.
It is therefore critical for SMB employees to get educated on their businesses’ cybersecurity obligations, policies, and procedures. Most importantly, identifying where and how their assets, devices and data points are stored can help avoid unintentional disclosure of confidential information.
2. Take advantage of publicly available resources
Regular audits can help SMBs understand the level of protection they need, from policies that govern workflow, to protocols that ensure data security. Thankfully, there are a plethora of public resources available to ease this process.
Malaysian SMBs can tap into MATRIX, a programme spearheaded by The National Cyber Security Agency (NACSA) Malaysian Digital Economy Corporation (MDEC) and SME Corporation Malaysia (SME Corp) to enable SMBs to implement cyber security capabilities and be competitive in the digital economy.
Through this programme, businesses can tap into a cost-effective holistic cybersecurity solution such as critical server protection, 24/7 cybersecurity monitoring, secure digital signatures and cybersecurity advisory.
3. Look for simple, customized solutions that don’t strain the budget
Unlike larger businesses, SMBs do not have the flexibility to deploy large project funds for cybersecurity, as this may come at the cost of other key functions of their business.
By unifying their security technologies and sticking to fewer tools, SMBs can more quickly identify areas for orchestration and streamline cybersecurity processes.
Lenovo’s subscription and “as-a-service” models, for instance, offer SMBs flexibility and cost-efficiency without adding unnecessary headcount.
4. Be vigilant against the increasing prevalence of supply chain-based attacks
Many SMBs collaborate with larger organizations. These partnerships, however, can also lead to unintended cybersecurity consequences.
As contractors or vendors, SMBs cultivate a shared identity with and form a part of the supply chain of these organizations. In these scenarios, businesses expect regular security assessments and onboarding due diligence to be carried out by the enterprise in question. This abuse of trust between two systems, whether intentional or unintentional, is what cyber criminals take advantage of, giving rise to supply chain-based attacks.
Enterprises have started to make wholesale changes to their vetting approach as a result. Some are implementing a zero-trust network architecture, wherein vendors must prove they have met organizational compliance policies. Furthermore, an increasing onus is being placed on SMBs to abide by cybersecurity requirements that corporations are writing into contractor agreements.
5. Seek help from industry leaders
Remote and hybrid work can put SMBs at risk with an ill-equipped IT security workforce. With the bulk of time focused on growing their core business, SMBs often lack time to research new and emerging security threats. This results in an overreliance on outdated and inefficient technologies to identify breaches.
To counter this, SMBs can seek out partnerships with industry leaders and subject matter experts like Lenovo. They utilize a consultative approach to understand pain points and apply use cases to identify critical workflows that require robust infrastructure. In short, engaging the services of these experts can help SMBs “protect, detect, respond and recover.”
SMBs are the backbone of Malaysia’s economy – a backbone that deserves to be protected even as the world transforms.
By Varinderjit Singh, General Manager, Lenovo Malaysia