Fri, 30 Jul 2021
22.7 C

Mid-sized companies largely defenceless in face of increasingly sophisticated cyber attacks

Home Business Management Finance & Investment Mid-sized companies largely defenceless in face of increasingly sophisticated cyber attacks

Medium-sized companies in South Africa are in a precarious position in terms of cybersecurity, writes Lukas van der Merwe, Specialist Sales Executive: Security, T-Systems South Africa.

 SOUTH Africa has been near the top of the list for cyberattacks for some time now and has one of the highest risk ratings in the world. Unfortunately, it is becoming increasingly difficult to reduce this, as attacks are continuing to become more sophisticated.

Consequently, companies in the mid-market sector face numerous hurdles with regards to cybersecurity, with affordability topping the list.

In most cases, smaller and lower-margin organisations simply cannot afford next-generation technology to improve their cybersecurity posture. At the same time, many still believe that smaller entities are less likely to be targeted than large enterprises.

The affordability aspect is also related to the fact that it requires expert skills to implement and maintain not only next-generation security solutions, but simply what is currently accepted as good practice.

Given that the cybersecurity landscape changes on a daily basis, no static implementation would be relevant or offer the kind of protection required. So, if an organisation does not have an extended security team, it is difficult to maintain currency.

Bigger attack surface

The situation is further exacerbated by the current pandemic, as many organisations are adopting remote work practices, cloud and software-as-a-service solutions. While this offers more sustainability under the circumstances, it frequently expands the attack surface of an organisation in terms of cyberattacks.

As a result, the cybersecurity question becomes so overwhelming for many mid-market enterprises that they simply stick to what they know, which is the traditional “castle and moat” approach. This entails putting in place some perimeter defence and endpoint protection, keeping it current and hoping for the best. Yet, this is becoming increasingly inadequate.

It is difficult to quantify a cyberattack in terms of costs for mid-sized companies, as reporting is not mandated in South Africa. However, IBM’s 2019 Cost of a Data Breach Report found that a data breach now costs $3.92 million on average.

The report warns that a breach can be particularly acute for small and mid-sized businesses, with companies with less than 500 employees suffering losses of more than $2.5 million on average.

South African mid-sized businesses come close to the average number quoted in the report, so a cyberattack could potentially be financially devastating.

What’s more, enterprises could suffer reputational damage and a resultant loss of business if sensitive customer data is exposed. In addition, depending on the industry, the company and its dependence on IT, a breach could bring operations to a halt, leading to further financial implications.

The bare minimum

As an absolute minimum, all mid-sized enterprises should have perimeter and endpoint protection in place. There is a myriad of solutions that offer multiple layers of protection, depending on the type of information an organisation processes and its specific risk profiling.

From an access protection point of view, beyond basic perimeter protection, companies need to consider network access control to ensure that only authorised users can access its network. With a significant number of remote workers, companies now need to ensure that they securely connect its network, so VPN technology would be key. The list is almost endless in terms of what solutions can be added on top.

Most mid-size companies can do little of this successfully and this is where managed security service providers can offer significant value. They can leverage shared solutions that are in place for a larger number of customers, whilst maintained by a group of experts with significant experience. This can be implemented at a unit cost, far below what a dedicated investment would be.

They should consider looking at managed security service providers that deliver an end-to-end service, instead of investing in their own technology, which could be prohibitively expensive and difficult to manage and maintain.

It is important that enterprises perform a holistic risk assessment and define the defence cost relevant to their organisation, before dismissing any cybersecurity investment as too expensive. The impact of a breach would be far worse.

Most Popular

New top team for EC mega tea estate

THE largest tea estate in the Southern Hemisphere, Magwa Enterprise Tea (MET) which was until recently led by an interim Board, has announced the...

Freight body ‘dismayed’ as cyber-attack cripples ports

THE Road Freight Association (RFA) has expressed it dismay and grave concern about the recent cyber-attack on Transnet which caused crippling delays and disruptions...

EC pet food company expands pawprint into Gauteng

MONTEGO Pet Nutrition recently acquired an existing 3,000 sqm pet food production facility in Rosslyn, Pretoria, a move that is expected to boost the...

Plastic recycling heavyweights sign sustainability pledge

THE South African Plastics Recycling Organisation (SAPRO) and MyPlas have become the latest signatories of Operation Clean Sweep (OCS), an international stewardship programme designed...