Most mid-sized companies fear a cyber attack - and rightly so. Yet they hardly invest purposefully in cybersecurity. Nor is there usually a cybersecurity strategy. That poses major risks to the continuity of their essential business processes. What is going on?
For medium-sized companies, such as there are many in Belgium, it is not easy to provide a watertight IT security system with up-to-date technology, permanent monitoring and all the knowledge that goes with it. However, even for smaller companies it is perfectly feasible to follow a good strategy around cybersecurity without large investments.
Weak spots in the defense
That such a strategy is indeed necessary, even for medium-sized companies, is clear from daily reality. Cyber attacks remain a growing problem and cybercriminals are certainly also targeting medium-sized companies. These usually have more weak spots in their defenses.
Tip of the iceberg
More than half of all SMEs have already reported that they have been the victim of a cyber attack. And the headlines about data leaks, hacking, phishing and other cybercrime are also a warning sign. In reality, the problems are even bigger, because most companies prefer not to make it known that intruders have entered their IT network.
Cybersecurity Essentials for business owners
Be the first to be notified when our eBook 'Cybersecurity Essentials for business owners' is released.
Cybercrime is a major threat to companies of all sizes. For smaller and medium-sized companies, the average financial loss from a security breach is as much as 130,000 euros. A successful cyber attack can severely hinder or even completely paralyze operations. In addition, hackers sometimes get hold of important company data or sensitive information belonging to employees or customers. A cyber leak is therefore detrimental to the image of the company.
Unfortunately, it is not easy to keep cybercriminals out efficiently because their tactics are constantly evolving. For example, they can sabotage and blackmail companies with DDoS attacks and ransomware. The corporate network has also long since ceased to be physically bounded by the corporate walls. As a result, cybercriminals have many more opportunities to penetrate, for example through mobile apps and cloud applications - right down to the backups.
Phishing mails to employees
Email does remain the most common means of circumventing IT security. More than 91% of cyberattacks occur via email. Increasingly, these are phishing messages: they are not recognized by the classic antivirus software so they can end up in employees' mailboxes en masse. Anyone who is not alert can easily fall for them.
Infected without being noticed
Sometimes it is immediately clear that something is wrong, but it also happens that malware ends up on a computer without the user noticing it. The virus program can then remain active for a long time. In this way, cybercriminals can sometimes take over the system and deploy it in DDoS attacks.
Not enough attention for cybersecurity
75% of the companies in Cheops' midmarket survey indicated that they would like to pay more attention to their cybersecurity. Yet there still appears to be a deep gulf between those intentions and the reality. Most companies are insufficiently aware of cybercrime and therefore fail to secure themselves adequately. Nor do they have a plan of action ready for when things go wrong.
Feasible cost via cloud service
This is where the great added value of a managed service provider (MSP) lies. Such an external specialist can help medium-sized companies get on the right track and keep them efficiently protected against cyber attacks. An MSP can also develop a more holistic approach for complete and permanently monitored security. A disaster recovery plan is also part of that strategic approach. Purchasing all of that as a service through the cloud keeps the cost manageable even for mid-sized companies.
Access to security expertise
MSPs can therefore be the perfect partner for medium-sized companies to combat cybercrime. Via the MSP, these smaller companies gain access to extensive, specialized and up-to-the-minute expertise. This is a great advantage, because some 62% of the companies in the midmarket survey do not have the necessary knowledge in-house. By outsourcing IT security tasks to an external managed security partner that can provide all the knowledge and technology for this, mid-sized companies can focus on their own innovations and growth.