VIEWPOINT
THE NEW MANDATE RAM NARAYANAN, COUNTRY MANAGER AT CHECK POINT SOFTWARE TECHNOLOGIES, MIDDLE EAST, ON HOW CYBERSECURITY READINESS PREVENTS SMALL AND MEDIUM BUSINESSES (SMBS) FROM FUELLING SUPPLY CHAIN ATTACKS
S
upply chain attacks aren’t new. If the past couple of years have taught businesses anything, it’s that the impact of supply chain cyber attacks is now, universal, from the fallout of the SolarWinds software breach, to the exposed Apache Log4j vulnerability and Kaseya last year. Unfortunately when such supply chain attacks hit smaller businesses who are usually the suppliers to larger enterprises, their impact is especially prohibitive. For SMBs already feeling the prolonged impact of the pandemic, the added pressure of dealing with sophisticated and frequent cyber attacks in real time, are a heavy burden, as they try to protect their business against financial, legal and reputational damage, as well as their own suppliers and larger clients’ security. It is now more important than ever for SMBs
36
CXO INSIGHT ME
JUNE 2022
to implement strict security hygiene and effective cybersecurity processes to ensure their business is prepared for the event of cyber attacks happening. SMBs as an indirect avenue of cyber attacks The ‘new normal’ opened the door to several new vulnerabilities; cyber attacks globally increased by 50% on average in 2021, compared to 2020. Our Check Point Threat Intelligence report revealed that an organisation in United Arab Emirates is being attacked on average 906 times per week in the last six months. While security breaches are on the rise, the top threats impacting SMBs have remained the same. In Check Point’s Small and Medium Business Security Report from 2020/2021, we revealed phishing, malware, credential theft and
ransomware to be the top four threats impacting these businesses. So, what does this mean for them? The reality is threat actors have taken advantage not only of the nowentrenched remote working model to target organisations, but also the usual limits preventing SMBs from bulking up on their cyber security defences, mainly lack of budget and expertise. SMBs often do not have a dedicated IT or security department, meaning with no in-house security expertise and reduced focus on security patching, these companies are easier to socially engineer and infiltrate. Adding to this, SMBs usually have employees doing multiple roles, and thus a wider access to valuable areas of the business and information is given to them, and so if breached, they pose a threat to multiple areas within
