PASCAL STEICHEN
CEO of the newly inaugurated Luxembourg House of Cybersecurity (formerly Security Made in Lëtzebuerg), Pascal Steichen explains the challenges small- and medium-sized enterprises face when it comes to protecting their data.
What are the top three challenges SMEs face in terms of cybersecurity?
The top three challenges for SMEs are quite similar for all companies, to be honest. First of all, so-called ransomware attacks, which is a way criminals take your data, or take the data of the company, and ask for money to get it back… Especially for small companies, they probably have less backing to resist such an attack. If you want to get back the data, you want to be able to decrypt it again.
The second is all of these phishing emails that we get. Especially what we have seen in the last year is the way those email messages are written or constructed--the topics that they use are mostly, let’s say, crisis-related, related to topics that are in the media, that everybody’s talking about to get attention easier… Smaller companies are often better protected because they are small; the employees know each other.
The third big trend is linked to data in general--data breaches, but also abuse of data in the sense that with the digital world, everything’s in digital form... People use social networks, and all of this data, information, about how companies work, who knows who--all this information basically is being used by criminals to prepare different attacks… We see that criminals are really using that massively… especially as we are going into this artificial intelligence era, the manipulation of this data is getting even easier and more automatic. It’s not an enormous concern yet today, but this is clearly something we from the cybersecurity sector see as a trend coming.
What sort of costs are being incurred by such companies?
A recent study [shows] that every 11 seconds, there is a ransomware attack. Globally, there’s an estimation that it costs the economy $20bn [in one year]. Especially from the European Commission side, also from us or other continents, there are a lot of new regulations, recommendations, etc., being produced the last few years, and many are still in the pipeline because there needs to be a way to manage this better.
Are certain sectors or individuals more at risk than others, generally speaking?
Cyber criminality is really opportunity based… As soon as [the criminals] get access, they can ask for money… So a small company will have lower income than a big company, so they’re clearly doing the homework in that sense… Then there is a little percentage of activity that’s backed by governments, or I would say by organised crime… it’s really linked mostly to geopolitical aspects.
Are SMEs normally equipped to properly report data breaches?
I would say there has been a quite positive evolution in reporting, especially in countries and regions where the data protection organisations or agencies try to [give] more guidance--trying to do a lot of awareness-raising, to even sometimes develop tools or have documentation to describe how things can be protected and also on reporting when there is a breach. I’ve never seen a case which was not international, or which was [only] local, focusing on one individual. The results always have collateral damage… so it’s very important to share information about cyberattacks, what happens, how it happens, how to be better protected, what one can do in such a case… Reporting comes into this general information-sharing concept. It’s a positive evolution we see, but there’s room to do better.
Pascal Steichen has around 20 years’ experience in cybersecurity.