by | 5 Oct 2020

4 common misconceptions that put SMEs at risk of cyber attacks

The health crisis has only served to heighten businesses’ reliance on online tools, especially with the rise in remote working. However, this dependence has also led to a surge in cyber attacks on SMEs. No, cyber criminals don’t only target large corporations! In fact, quite the contrary…

1. My business is too small to interest hackers

99.9% of French business are SMEs. While the vast majority are very small companies (95%), there are 150,000 MSBs, just over 5,000 middle-market companies and less than 300 large businesses. And while it’s true that the eye-watering revenues of big names such as Total, Carrefour and Bouygues are much more tantalising than a local florist, they also have incomparable IT security defences. While their protection might not be impregnable, it remains a roadblock for most hackers who turn their attention to smaller businesses whose systems are more vulnerable to cyber threats. The easy targets.

We have seen a resurgence in cyber attacks on companies in a variety of industries as well as on licensed independent professionals such as accountants, lawyers and doctors,” notes Réis Rocroy, founder of Ozon. “Some are held to ransom, exposing flaws in their system backups, while others see their client’s personal data stolen.” Figures from CPME confirm it: 4 out of 10 businesses with under 50 employees were a victim of a cyber attack in 2019. And the cost is far from negligible: 700 million euros per year for SMEs according to a study by SystemX, an Institute for Technological Research.

A resurgence in cyber attacks on industry and licensed professionals

2. I’m safe because I’m not an e-commerce business

It’s not only SMEs with an online presence, such as e-commerce or showcase website, that are targeted by cyber attacks. Emails are the main port of entry for hackers since they offer a whole host of flows to exploit:

  • Phishing, where they send an email pretending to be a service provider or organisation to gain access to login or bank details;

  • Email fraud, where hackers steal the identity of a director and then order a money transfer (spear phishing);

  • Ransomware, where users click on a download link containing malicious software that encrypts data online to be held at ransom.

Employees themselves can also expose their employers to cyber threats, for example, by installing non-approved applications, downloading files containing malware or connecting to unsafe public WiFi networks. Such issues are not the preserve of e-commerce professionals: any employee using a digital device that has access to sensitive company data represents a potential flaw if not adequately protected.

3. Cybersecurity is too expensive for a small business

Cybersecurity is rarely a cultural norm for small and medium-sized businesses, and by the time they realise its critical importance, it’s (often) too late. It’s usually when an SME falls victim to a cyber attack that it starts including computer security in its IT budget, which typically only covers equipment, maintenance and business applications. However, there are solutions tailored to SMEs such as CyberSolution 360°, which cost much less than the average cyber crime. In fact, several studies by local chambers of commerce found that the majority of such cyber attacks lead to bankruptcy in the short term.

Cybersecurity risk management requires continuous investment that keeps up with the evolution in cyber threats,” acknowledges Régis Rocroy. “The cyber industry’s traditional approach industry doesn’t suit SMEs because the market is made up of over 20 meta segments, each segment covering a different cyber risk profile. However, the last few years have seen the emergence of the cloud and SaaS, which provide small and medium-sized businesses with affordable and dynamic online cybersecurity applications and services. And besides that, it is nowadays vital to have the support of cyber experts for day-to-day management and in the event of a suspected or actual incident.

SaaS makes cybersecurity affordable for SMEs

4. I’m protected by the antivirus installed on my computer

They have names like Norton, McAfee, Bitdefender and Kaspersky, and sometimes are even offered for free by Avast, Avira and AVG. Antivirus software provides a first layer of protection against malicious programs, but… “Anti-spam and anti-virus software don’t provide effective protection against the most common attacks that target SMEs” counters Ozon’s founder. “You must choose more advanced security technology to mitigate cyber threats.” Because in addition to ensuring an up-to-date virus database, it is also essential that each computer installs OS security updates right away, a feature not provided by general public software.

And for Apple users with macOS or those who believe that Microsoft 365 means they don’t have to worry about cyber threats, it’s not that simple: “The effectiveness of the security features and mechanisms of such tools depends upon them being configured correctly,” explains Réis Rocroy. “And, on top of that, the widespread use of these tools makes them more attractive to hackers and cybercriminals, since they offer a better return on investment. Every piece of computer technology has security flaws.”

Don’t be left in the dark: evaluate how at risk your business is to cybercrime in 3 minutes with our free CyberCheck SME tool.