Cyber Attacks on Small Businesses

Welcome to the new 124 cyber warriors who joined us last week. Each week, we'll be sharing insights from the Black Hat MEA community. Read exclusive interviews with industry experts and key findings from the #BHMEA stages.

Keep up with our weekly newsletters on LinkedIn — subscribe here.

Your weekly delivery of exclusive interviews and insights from the global BHMEA community. 

This week we’re focused on…

How small businesses are suffering in the fight against cyber threats – and what the cybersecurity sector can do to help. 

Why? 

Because ransomware group 8Base is targeting small businesses in its attacks. And small businesses are less likely to have the operational procedures in place to mitigate threats. 

When we interviewed Abeer Khedr (CISO at National Bank of Egypt) for the BHMEA blog, we asked her about the key threats that concern her in 2024. She said:

“According to the World Economic Forum outlook report, inequity between cyber resilient organisations and smaller less resilient ones will continue to increase.”

“This is a cause of concern because the less resilient companies could be our suppliers, our customers; it’s one ecosystem. This should drive our efforts in 2024 to increase awareness and support these companies on how to apply security measures and develop incident response capabilities to increase their cyber resilience.”

Increasing the resilience of small businesses has knock-on benefits 

Helping small businesses increase their cyber resilience isn’t just about being nice to small businesses. Often, those companies are supplying their products or services to larger organisations; and if they’re a weak link in the security of a supply chain, they expose all of their partners to the risk of data theft or breach. 

Why does this inequity exist?

With limited financial resources and smaller IT budgets, small businesses struggle to establish robust security measures and continuous monitoring, and they’re unlikely to have dedicated security personnel. 

On top of this, small businesses are far less likely to have the capacity to run security awareness programs than their larger counterparts. Theoretically, it’s much easier to create a strong culture of security among a smaller, more engaged team; but small businesses don’t have the resources to make that happen. 

A lack of specialised cybersecurity knowledge and awareness training in-house means that it’s difficult to choose, implement, and maintain effective security controls. Small businesses might adopt a set-it-and-forget-it strategy with their cybersecurity tooling – and this means they quickly fall behind on emerging threats and software updates. 

And then there’s the reality that for many small businesses, security just isn’t a priority. This isn’t their fault; they’re working at stretched capacity with a small team, and they’re focused on other things. This means that their security systems are often left unpatched for far longer than a large-scale business would allow.

How can the cybersecurity sector drive stronger security for small businesses? 

We’ve got to look at this from every angle – and most importantly, we have to understand the challenges that small businesses face. 

This takes empathy, and it takes time. 

Cybersecurity sector professionals can play a role in increasing resilience among small businesses by: 

• Making security solutions that are affordable – and tailoring them to the needs of small businesses. Cost-effective solutions such as bundled security packages that cover all bases, cloud-based security services, and user-friendly tools that don’t require in-house cybersecurity expertise.
  
• Offering training and awareness programs specifically for small businesses. These could be online programs, in-person events, and/or consulting services that allow businesses to understand and improve their security posture.
  
• Advocating for the needs of small businesses within the cybersecurity sector. A lot of B2B resources in cybersecurity are geared towards large-scale organisations. And small businesses need a voice in all of this. 

The cybersecurity industry needs to lobby for policies and regulations that take into account the limited resources that small businesses are working with; promote the development of affordable, user-friendly security tooling specifically designed for small businesses.

Join the conversation

We want to know what you think. What can the cybersecurity sector do to improve security for small businesses – and if small businesses aren’t well protected, what does that mean for the ecosystems they operate in? Open this newsletter on LinkedIn and share your perspective in the comment section. 

Do you have an idea for a topic you'd like us to cover? We're eager to hear it! Drop us a message and share your thoughts. Our next newsletter is scheduled for 10 July 2024.

Catch you next week,
Steve Durning
Exhibition Director

Join us at Black Hat MEA 2024 to grow your network, expand your knowledge, and build your business.