13 November 2020
SME Cybersecurity Awareness
The use of information and communication technologies across enterprises increases continuously, as it enables the development of new business models and the improvement of operational and commercial activities. Nevertheless, this practice introduces new vulnerabilities, which must be treated by deploying suitable countermeasures in order to prevent their exploitation by various threat agents.
Larger organisations possess both the resources and often the maturity to establish the required mechanisms for continuous monitoring and enhancement of holistic cybersecurity programs. However, small and medium-sized enterprises, more often than not, lack both the resources and the incentives to prioritise this practice. At the same time, they constitute a significant portion of the European economy, both numerically and in terms of revenue.
As the European digital value and digital supply chains increase in complexity and in cross-border and cross-market dependencies, the impact and spillovers of each cybersecurity incident become more severe. Furthermore, prior studies have shown that numerous security breaches occur due to negligence or nescience of the personnel within an organisation and that attackers often structure malicious actions by exploiting one or more human factor weaknesses.
Maintaining a secure and resilient posture is a continuous process for every organisation, requiring a balanced focus on people, technologies and processes.
It is well known that as the operating environments become more complex, and the corresponding guidelines proliferate, it is getting increasingly difficult, especially for SMEs, to keep track, invest in and apply the required solutions.
Although digitalisation is one of the main drivers for development, the return on investment for security, although it can be modelled, is not directly evident for decision-makers. However, the cost of cyber incidents is clear to all: more than 60% of cyber attacks are aimed at SMEs, and 60% of those SMEs which have been victims of cyber attacks do not manage to recover and end up shutting down operations within six months.
The principal objective for each organisation should be to establish a cybersecurity culture that must be initiated and maintained at the strategic level and propagated downwards towards operations, within both the organisations themselves and the supply chains in which they participate.
CyberSec4Europe’s goal in this area is to advance the state of the art by developing novel security awareness conceptual models and monitoring and enhancement methods with international applicability.
Our focus is to analyse and identify efficient measures and methods for the continuous enhancement of societal security awareness, referring to private usage of digital technologies, human aspects of information security, professional practice and competence development. Furthermore, we seek to investigate suitable measures to raise cybersecurity awareness across industry and society by establishing the value of new integrated secure and trust-aware services, with particular focus on SMEs, and the cybersecurity vulnerabilities that these SMEs may face and introduce into supply chains.
Read more on our report here.
Sunil Chaudhary, Norwegian University of Science and Technology (NTNU)