Don’t think you are too small to be attacked. This is root cause for ignorance of cyber security

<?php echo html_escape(strip_tags($title)); ?>

By Ashish Mitra --
Friday, 05 Feb, 2021

Today is the age when IT and digitisation have become an all-pervading reality for the business world. Mobile device penetration is at an all-time high in India with a bigger potential for further growth.

In the light of these facts, SMEs have begun to take up technology as a business enabler at a faster pace. The Covid-19 pandemic has further strengthened SMEs’ belief that technology and digitisation are paramount to their relevance in an increasingly limited physical contact world.

SMEs have begun to increase their spending on technology for various fronts, ranging from back-office work to customer-facing operations. For example, mobile apps for customer and order management, SME focused ERP (some have ventured on to the cloud) focused on accounting and inventory management, e-commerce-oriented websites with payment gateway adoption, alignment of ERPs with service aggregator apps for better demand farming, and remote access and mobile-based access for back-office operations.

As SMEs and startups adopt technology and drive the digitization of their operations as part of their growth and market relevance strategy, a key aspect that remains ignored across the board is cyber security. The root cause for such a gap is the typical flawed belief that “I am too small or irrelevant to be attacked”. The pandemic has proved to be a golden opportunity for cybercriminals to increase their pace of attacks and achieve greater success as most business leaders largely focused on the business continuity aspects with lesser attention to cyber defense. This has helped cybercriminals attack one and all without differentiating between SMEs or conglomerates.

Attackers realize that with large scale technology adoption in the SME sector, the focus and awareness on security hasn’t reached the maturity levels it should have. As a result, they have taken to wide-spread attacks on SMEs in sectors such as export houses, hospital facilities, medical support services (example hospitals, pathology labs), and manufacturing/logistics SMEs (that make up the supply chain for large consumer goods companies), NBFCs, e-retailers and even CA firms.

The most common attacks in terms of SMEs are either ransomware or business email compromise (BEC) attacks. Some examples of BEC attacks on finance users are: Vendor communication spoofs and CXO communication spoofs.

Don’t think you are too small to be attacked. This is root cause for ignorance of cyber security. Today is the age when IT and digitisation have become an all-pervading reality for the business world. Mobile device penetration is at an all-time high in India with a bigger potential for further growth.

In the light of these facts, SMEs have begun to take up technology as a business enabler at a faster pace. The Covid-19 pandemic has further strengthened SMEs’ belief that technology and digitisation are paramount to their relevance in an increasingly limited physical contact world.

SMEs have begun to increase their spending on technology for various fronts, ranging from back-office work to customer-facing operations. For example, mobile apps for customer and order management, SME focused ERP (some have ventured on to the cloud) focused on accounting and inventory management, e-commerce-oriented websites with payment gateway adoption, alignment of ERPs with service aggregator apps for better demand farming, and remote access and mobile-based access for back-office operations.

As SMEs and startups adopt technology and drive the digitization of their operations as part of their growth and market relevance strategy, a key aspect that remains ignored across the board is cyber security. The root cause for such a gap is the typical flawed belief that “I am too small or irrelevant to be attacked”. The pandemic has proved to be a golden opportunity for cybercriminals to increase their pace of attacks and achieve greater success as most business leaders largely focused on the business continuity aspects with lesser attention to cyber defense.  This has helped cybercriminals attack one and all without differentiating between SMEs or conglomerates.

Attackers realize that with large scale technology adoption in the SME sector, the focus and awareness on security hasn’t reached the maturity levels it should have. As a result, they have taken to wide-spread attacks on SMEs in sectors such as export houses, hospital facilities, medical support services (example hospitals, pathology labs), and manufacturing/logistics SMEs (that make up the supply chain for large consumer goods companies), NBFCs, e-retailers and even CA firms.

The most common attacks in terms of SMEs are either ransomware or business email compromise (BEC) attacks. Some examples of BEC attacks on finance users are: Vendor communication spoofs and CXO communication spoofs.