The majority of business operations within the East African region fall under the small to medium-sized business (SMB) sector. With the rapid evolution of technology, small businesses have adopted digital transformation to deliver services quickly and affordably. Digital adoption has been accelerated by the impact of the COVID pandemic. As a result, most SMBs have not considered cybersecurity, whether deliberately or as a consequence, with the introspection it deserves.
According to the NTT Ltd 2020 Global Network Insights Report, investment in multi-cloud environments is overtaking organisations’ on-premises infrastructure spend. It is also driving the usage of personally-owned laptops, mobile devices, and remote access technologies, while inherently increasing the security risk. For all the benefits digital transformation has introduced, it has also widened the threat landscape, creating numerous entry points through which organisations can be easily compromised.
Adding to the reactive approach in cybersecurity adoption is a looming misconception: that threat actors are only focused on large enterprises. Yet small organisations still possess sensitive data. Research from the 2020 Verizon Data Breach Investigation Report highlighted that 28 per cent of global data breach victims were small businesses.
In Kenya, the latest financial sector stability report prepared by financial regulators, including the Central Bank of Kenya (CBK) and the SACCO Societies Regulatory Authority, shows that SACCOs lost Ksh106 million to cyber theft in the 17 months to March amid increased mobile banking, pointing to an increased need for reinforced systems and insurance covers to protect the billions they hold.
A reluctant predisposition to cybersecurity has made SMBs an increasingly primary and easy target for attackers. To further compound the challenges identified, SMBs have far lower security budgets coupled with a limited capacity to invest in and maintain in-house cybersecurity expertise. Constantly taxed to do more with less, and with security an afterthought, small organisations end up compromising on security controls.
A National Cyber Security Alliance (NCSA) survey noted that after a breach, 37 per cent of businesses suffered a financial loss, with 25 per cent filing for bankruptcy and 10 per cent eventually closing their businesses. Clearly, the impact of breaches is very detrimental to business operations as a whole. Small businesses cannot afford to put security in the back seat anymore. They need to rethink their approach to digital transformation and consider security as an integral part of business operations.
Transforming Cybersecurity for Small Business
The cybersecurity challenges plaguing small businesses cut across a wide spectrum of factors. To address the issues highlighted comprehensively, we need to adopt a transformative approach that completely changes our perception of, and approach to, security for small businesses.
Below are some key initiatives in extending an affordable, effective, and comprehensive cybersecurity strategy to small businesses.
Threat Landscape Visibility and Acknowledgement
Essential to solving a problem is accepting that there is a problem in the first place. With respect to small businesses and security, the initial effort should be spent on creating awareness around the security implications that come with digital transformation across various aspects of the business. Alongside this, emphasis should also be placed on how attackers are shifting their focus to small businesses as easy targets with equally valuable data.
The NTT Ltd Global Threat Intelligence Report 2021 goes a long way towards describing the threat landscape in the region today and illustrates how the threats are distributed according to industry verticals and locations, covering small, medium, and large businesses alike.
With this awareness, SMBs will not only appreciate the business impact of a weak security posture but will also make security an integral part of the business strategy conversation. This will greatly incentivise the security budget discussions and drive a more proactive approach to security.
Shifting to a Trust-Centric Approach (Zero Trust)
With the shift in the IT landscape, users, devices, and the cloud have moved control and visibility outside of the traditional environment. As a result, there are increased points of access, a larger attack surface, and more gaps in visibility.
Zero Trust is a comprehensive approach to securing all access across your workplace, workforce, and workloads. It helps secure access from users, end-user devices, APIs, the Internet of Things (IoT), microservices, containers, and more. This allows you to consistently enforce policy-based controls, gain visibility into users, devices, components, and more across your entire environment, and enhance threat detection and response.
Zero Trust is an approach that can be realised by implementing security capabilities covering the different business processes, ensuring that security is integrated into the day-to-day business operations.
Unified Security Architecture
The security solution space is marred by a variety of solution providers covering multiple aspects of the digital infrastructure. Having multiple security solutions can be a management nightmare, given limited IT resources and the need to integrate the solutions and maintain consistency across all the security controls.
A unified security architecture ensures that security is delivered as a single platform with tightly integrated security controls and centralised management for consistent policy enforcement and comprehensive visibility. The unified approach also fosters standardised intelligence sharing among the various security capabilities, leading to better security insights and an overall proactive security approach for the organisation.
This approach delivers value to the business by effectively reducing risk, enhancing compliance and visibility, and reducing total cost of ownership (TCO), owing to the simplicity of management and enforcement across your entire organisation. The main aspects of the digital infrastructure that are fundamental to the unified security architecture include endpoint, mobile, cloud, network, and IoT security capabilities.
Lloyd Oanda is a Solutions Architect – Intelligent Security at Dimension Data East and West Africa