CyberSecurity for Micro, Small and Medium Sized Companies.

Over the last couple of years, the number of SMEs that have been impacted by a CyberSecurity incident has increased by over 200% on an annual basis.

CyberSecurity is a complex challenge. Companies these days can get compromised in many different ways. In principle, it doesn’t really matter whether a company gets hacked as a result of a human mistake or as a result of a targeted attack from a malicious internet user. For the sake of understanding, here is a short overview of some typical incidents taking place in this day and age:

  • Data Loss : mistakenly losing a device that holds sensitive and confidential information about the company or its customers. This can also mean theft, for instance when a laptop that isn’t secured gets stolen. Today most laptops use encrypted storage devices, but it still happens that they don’t. Some solutions that can be considered together with CYSSME : using full disk encryption, having an Endpoint Security solution in place, and having the capability to remotely lock devices (such as mobile phones).
  • Ransomware : a piece of unwanted software that aims to cause harm, such as encrypting data, and that asks for a reward (money or bitcoins) to get the data restored. Some approaches that can be considered together with CYSSME : regularly inspecting systems for unwanted software, not allowing unregistered software to be installed, inspecting endpoint devices for malicious software, …
  • Phishing attacks : emails with a link that leads to a malicious website, or to a piece of software that is downloaded to an endpoint and subsequently installed. That software can, for instance, execute ransomware or install a mechanism that exploits another vulnerability in the company (on a laptop, server, data storage unit, or elsewhere …). Some approaches that can be used by CYSSME : training and informing employees about phishing emails, so they understand them and become better at identifying them; using a network blocking device that prevents access to known malicious websites; having protection mechanisms in place to avoid downloads of malicious software, …
  • Vulnerability exploitation : malicious internet users make a business of scanning the internet for vulnerable websites, servers and devices so they can exploit them and ask you for payment to get the damage undone. If your website is not running the most recent and secured software, it may contain vulnerabilities: errors, mistakes or faults that were only discovered after the software was released. These “openings” can be exploited by criminals. Solution : continuously scanning for known vulnerabilities and openings in your systems from the outside, through so-called Attack Surface Management tools.
  • Business Executive Fraud
  • Social Engineering

Small businesses increasingly face the same cybersecurity risks as larger companies, but usually only about 28 percent of the companies rate their ability to mitigate threats, vulnerabilities, and attacks as highly effective. Many companies consider the incidents against them to be targeted and sophisticated, with severe financial consequences. According to recent findings in Europe, the weakest link in these companies’ security posture is the negligent insider or contractor, considered the number one reason a company suffers a data breach, phishing attack or ransomware attack. Phishing attacks and advanced malware/zero-day attacks are continuously on the rise. Research has indicated that phishing/social engineering attacks increased from 52 percent in 2018 to 60 percent in 2021, and advanced malware/ransomware attacks increased from 24 percent to 45 percent. Almost three quarters of ransomware attacks result in the data being encrypted. 71% of organizations were hit by ransomware in the last year. But thanks to increased CyberSecurity measures, criminals succeeded in encrypting the data in (only) 35% of these attacks.

Small and Medium sized companies are companies with a turnover of up to 50 million EUR on an annual basis and up to 249 employees. Micro-enterprises have a turnover of up to 2 million EUR and up to 9 employees.

To strengthen their cybersecurity postures, reports usually indicate that companies need more in-house expertise and budget. However, almost half of the SME executives admit they have no understanding of how to protect their companies against cyber-attacks, which indicates a far deeper challenge than only budget or awareness issues.

Fundamental to the CYSSME concept is the recognition that MEs and SMEs also need to transform digitally. Digital Europe and the European Recovery Plan Cyber address the need for direct investment in the deployment of innovative digital technologies relevant to this call on cybersecurity, AI and advanced digital skills, and the need to ensure a wide use of these digital technologies across the economy and society. CYSSME also responds to the current NIS Directives, Directive (EU) 2022/2555 replacing Directive (EU) 2016/1148. More specifically, this activity will support a better cyber crisis management structure and increase the level of harmonization regarding security requirements and reporting obligations, by focusing on a wider scale of CyberSecurity Maturity assessments, supporting mechanisms for improved supply chain CyberSecurity, doing improved vulnerability management, and improving core internet and cyber hygiene that will support national cybersecurity strategies. By implementing CYSSME the project will contribute to covering a larger share of the economy and society by including more sectors (manufacturing and e-commerce SMEs), which means that more entities are obliged to take measures in order to increase their level of cybersecurity.

Needless to say, many SMEs reach out to us (all individual partners) on a daily basis, seeking assistance, guidance and support the moment they have been breached. While the overall level of maturity on the various axes of CyberSecurity (see later) remains rather low, there is a vast increase in awareness and willingness to change. CYSSME partners have been addressing some of the mismatches in the CyberSecurity skills gap by organizing actions to increase digital maturity, providing better access to guidance, education and training from a sectorial approach, and providing financial means to overcome financial constraints. Partner LSEC is supporting this already today through its activities within the European Digital Innovation Hub for Flanders – Belgium DIGITALIS; partners BA and Toreon also actively participate in the VLAIO – Flanders government Cyberverbetertrajecten. With CYSSME the partners jointly go a step further and can offer services from zero to hero, or focus on specific innovative and improvement trajectories.

CYSSME selected three focus industry sectors which are key to the success of digital transformation, mobility and productivity. Without being exclusive, by focusing on domains such as manufacturing, e-commerce and innovative technology companies, CYSSME can focus on thousands of companies amongst the millions of them in Europe, and Western Europe. The three industries present a number of exploitable commonalities and specificities which make them a very useful vertical domain, which can be applied to other sectors afterwards as well.

Reach out to CYSSME to receive support for your Cybersecurity activities : advisory, assessments, threat and risk assessments, policy development, test before invest, technical implementations, operational support and developments.

Reach out to CYSSME today, call us at +32 16 79 8585 (partner LSEC as coordinator); chat with us; mail us at help at cyssme.eu; use the following contact form; or any other means you would consider needed.