What are prompt injections and why do they matter?
How threat actors are turning AI against itself.
Read MoreWelcome to the new 124 cyber warriors who joined us last week. Each week, we'll be sharing insights from the Black Hat MEA community. Read exclusive interviews with industry experts and key findings from the #BHMEA stages.
Keep up with our weekly newsletters on LinkedIn — subscribe here.
Your weekly delivery of exclusive interviews and insights from the global BHMEA community.
How small businesses are suffering in the fight against cyber threats – and what the cybersecurity sector can do to help.
Because ransomware group 8Base is targeting small businesses in its attacks. And small businesses are less likely to have the operational procedures in place to mitigate threats.
When we interviewed Abeer Khedr (CISO at National Bank of Egypt) for the BHMEA blog, we asked her about the key threats that concern her in 2024. She said:
“According to the World Economic Forum outlook report, inequity between cyber resilient organisations and smaller less resilient ones will continue to increase.”
“This is a cause of concern because the less resilient companies could be our suppliers, our customers; it’s one ecosystem. This should drive our efforts in 2024 to increase awareness and support these companies on how to apply security measures and develop incident response capabilities to increase their cyber resilience.”
Helping small businesses increase their cyber resilience isn’t just about being nice to small businesses. Often, those companies are supplying their products or services to larger organisations; and if they’re a weak link in the security of a supply chain, they expose all of their partners to the risk of data theft or breach.
With limited financial resources and smaller IT budgets, small businesses struggle to establish robust security measures and continuous monitoring, and they’re unlikely to have dedicated security personnel.
On top of this, small businesses are far less likely to have the capacity to run security awareness programs than their larger counterparts. Theoretically, it’s much easier to create a strong culture of security among a smaller, more engaged team; but small businesses don’t have the resources to make that happen.
A lack of specialised cybersecurity knowledge and awareness training in-house means that it’s difficult to choose, implement, and maintain effective security controls. Small businesses might adopt a set-it-and-forget-it strategy with their cybersecurity tooling – and this means they quickly fall behind on emerging threats and software updates.
And then there’s the reality that for many small businesses, security just isn’t a priority. This isn’t their fault; they’re working at stretched capacity with a small team, and they’re focused on other things. This means that their security systems are often left unpatched for far longer than a large-scale business would allow.
We’ve got to look at this from every angle – and most importantly, we have to understand the challenges that small businesses face.
This takes empathy, and it takes time.
Cybersecurity sector professionals can play a role in increasing resilience among small businesses by:
The cybersecurity industry needs to lobby for policies and regulations that take into account the limited resources that small businesses are working with; promote the development of affordable, user-friendly security tooling specifically designed for small businesses.
We want to know what you think. What can the cybersecurity sector do to improve security for small businesses – and if small businesses aren’t well protected, what does that mean for the ecosystems they operate in? Open this newsletter on LinkedIn and share your perspective in the comment section.
Do you have an idea for a topic you'd like us to cover? We're eager to hear it! Drop us a message and share your thoughts. Our next newsletter is scheduled for 10 July 2024.
Catch you next week,
Steve Durning
Exhibition Director
Join us at Black Hat MEA 2024 to grow your network, expand your knowledge, and build your business.
Join the newsletter to receive the latest updates in your inbox.
How threat actors are turning AI against itself.
Read MoreWe take a quick look at major cybersecurity funding rounds and key investment trends in 2024.
Read MorePhysical entry points: Why cybersecurity isn’t just digital.
Read More