Small companies with under 50 employees have to deal with cyberthreats like everyone else, but unlike larger firms, they might not be able to prioritise IT security, with their focus being primarily on business growth. In fact, small businesses are appealing to hackers as they typically have a moderate amount of valuable data with minimal security, which hackers can use to steal from many others. Considering that SMEs constitute approximately 98% of all business in Kenya, create 30% of the jobs annually as well as contribute 3% of the GDP1 – it’s critical that online security is not a challenge that hampers their growth, but rather allows them to digitalise without security technical expertise.
A survey by the Kenya National Bureau of Statistics indicated that approximately 400,000 micro, small and medium enterprises do not celebrate their second birthday. Few reach their fifth birthday – leading to concerns of sustainability of this critical sector. While there are a number of hinderances, thinking you’re too small to be of interest is exactly the mindset that cybercriminals are exploiting to launch increasingly sophisticated malware against small businesses. In fact, they know what many SMEs don’t: They are a target!
Unfortunately, many SMEs view IT security as a ‘commodity’, seeing little difference between the various options available to them. That’s a dangerous myth; even a one per cent difference in detection rates can result in hundreds of thousands of pieces of malware slipping through the nets over the course of a year, especially considering how many new pieces of malware are detected every day. The most dangerous threats are the ones SMEs know about.
In fact, today’s digital environment calls for new security strategies – and Kenyan SMEs need to know the dangers out there and be vigilant about how they conduct their everyday business. Key to this is demystifying 4 key aspects:
- There is no cybercrime in Kenya
The reality is that the criminal economy is closely interrelated with the global economy, and as Kenya further entrenches itself in the global village, it too is subject to vulnerabilities. In fact, recently Kenya ranked number 49 as the most attacked country. Additionally, ransomware continues to target small organisations globally, with 37% of VSBs having experienced two or three incidents of ransomware infection in the past 12 months2.
- Attackers only target large organisations
The increasing professionalism of attackers has, over the past few years, also led to considerable changes in threat scenarios. The object of today’s attacks is no longer to infect as many PCs as possible with worms or viruses to achieve media attention and fame. On the contrary, today’s attacks are mostly intended to keep the threat hidden for as long as possible and to evade the attention of the anti-virus programme. The longer these take to react to new threats, the more time the attacker has to ensure that the malicious code reaches its target. As such, anyone can become a victim of cybercrime or identity theft – and SMEs are no exception.
- Security software and firewalls are 100% effective
Firewalls and antivirus products are the must-have foundation layer of a security technology plan. However, given the changes in the landscape, neither of these elements are guaranteed to protect a business 100% from an attack. To effectively protect against today’s threats, organisations need to take an integrated approach to security by deploying solutions at the gateway, server and client levels. Combining these technologies with good security habits is the best way to reduce potential risk.
- Security gets in the way of doing business
Newer technologies such as Internet of Things, AI and wireless services for example create new opportunities and new ways of doing business – but they also allow for more threat avenues. Security is the enabler that gives businesses the confidence to know that their critical data and information is protected and as such, shouldn’t be seen as an inhibitor, but rather a facilitator that allows them to realise their true potential, without any concern.
Knowing the truth will allow SME owners to make more informed decisions about how to better protect themselves. While believing such myths may not present a direct threat, they may cause a business to become careless about security habits which more than likely may result in the business becoming a victim of an attack. New technologies give small businesses new opportunities to grow, but threats are always present: fake websites, malicious pictures and unprotected networks; free but unsecure Wi-Fi spots; and even lost or stolen work devices. All of these elements are risk factors for businesses and their data, especially small companies, who are key to the Kenya economy.