How SMEs Can Cope with the Growing Threat from Cyber Attacks


Over the past few years, there has been a steady rise in cybercrime across the world. As more and more secure software products are produced each day, cybercriminals are also adapting and becoming better equipped. A 2015 data breach investigation report by Verizon mentioned that approximately 71% of the attacks are performed from within the organisation (Verizon Enterprise, 2015).

How are most cybercrimes carried out?

Cybercriminals, or hackers, manipulate the network system by using advanced software and taking advantage of the vulnerabilities present in the software (Ablon, et al., 2014).

According to Zhang, Jhi, and Raghunathan 2014, the current malware which many organisations typically use is inadequate to combat the continually evolving vulnerability exploitations (Zhang, 2014). Consequently, many businesses are dissatisfied with the cybersecurity measures they have in place.

Who is in danger of sustaining a cyber-attack?

Small and medium enterprises (SMEs) are in more danger of cyber-attack than big firms. SME owners lack the IT expertise and resources required to understan and look after security issues in a rapidly growing threat environment (Emm, 2013). Moreover, many SME owners don’t make cybersecurity a priority. According to a study conducted by Jansen J. (Jansen, et al., 2016), SME owners only implement protective measures in the following scenarios:

1) When they believe that a particular measure will be effective?.

2) When they have capabilities to use internet technology?.

3) If they have a positive attitude regarding online protection.

Many organisations still do not understand the importance of implementing network security and how vulnerable their business is without it. Studies have shown that the recent rise of « bring your own device » (BYOD) culture is one of the main reasons companies are facing a growing cybersecurity issue these days. As organisations are allowing employees to connect their personal devices to the company’s network, it is opening up possibilities for attacks, and IT professionals are having a hard time securing these devices (Eddy, 2014). So although the organisations are adopting this culture to reduce the hardware, operations of the system, and services expense, the cost of supporting this venture is increasing.

What measures are organisations taking to protect themselves?

Although there are organisations that are still not serious about cybersecurity, there are many who understand its importance and are implementing protective measures. According to a recent study, the three most widely used methods employed by SME owners to protect their business from cyber-attack are:

1) use of cybersecurity policy and implementation of procedures to protect, defend, and react to cyber-attacks.

2) reliance on third-party vendors to provide for infrastructure services and cybersecurity preventative measures.

3) creating and ensuring awareness about cybersecurity threats within the organisation (Cook, 2017)

What solutions are available?

Studies suggest that relying on third-party vendors and outsourcing cloud solutions is becoming an increasingly attractive option. Having a vendor cloud provider has proven beneficial to many companies. It allows organisations to focus on vital business aspects instead of worrying about security (Rajan, 2015). Additionally, the ease of use, pricing, availability, scalability, and reliability enables them to compete globally in a cost-effective manner by sharing cloud infrastructure and computer resources. (Dillon & Vossen, 2015).

What factors should companies consider before investing in a cloud solution?

Although there are proven benefits of hiring third-party vendors for security, many organisations are hesitant to rely on them due to trust issues. Cloud storage and operations are managed by service providers off-premises to take advantage of cloud computing, such as disaster recovery backups. Many organisations are not comfortable with that, as this brings in additional security and monitoring matters (Abdellaoui, et al., 2016). Since data owners have less control over it, cloud storage security becomes a challenge if customers cannot trust the service providers. Therefore, data confidentiality becomes the primary concern and vendors must develop trust with customers. Some studies show that most organisations adopt IAAS, as it has the least lock-in. If the customer wants to exit, they could host identically-configured virtual machines on their on-site hardware, with other services, vendor lock-in becomes an issue. One study’s critical finding indicates that the organisations that have adopted IAAS are overall satisfied with the cloud and do not wish to revert back to the traditional model (Rajan, 2015). Thus, for a cybersecurity company offering, an IAAS cloud solution is beneficial as it requires the least amount of dependence on the vendor. Studies also suggest that credibility is particularly important when it comes to cybersecurity. There is a lot at stake because cyber-tech customers are not only looking for a good solution to improve their business, but also a solution that enables them to protect their business.  Providers must demonstrate that they know the ins and outs of the industry and that they can provide specific solutions (Strehlow, 2018). Hence, vendors who can gain trust by showcasing credibility, also have a high chance of generating leads.

How companies like Stryve can help you?

At Stryve, we provide cybersecurity consulting services and cybersecurity solutions which offer access to valuable advice from cybersecurity specialists and the latest cutting edge technologies. Our primary customer base consists of small and medium businesses throughout the UK and Ireland.  They may have an IT Manager or CTO in situ but lack a dedicated security lead and are thus interested in receiving support from us. You can view our video on 6 key steps SMEs can take to protect against cyber attacks.

About Stryve

At the core of our mission is a desire to bring Fortune 500 levels of security and expertise at a price point that is affordable for small and medium businesses. We are a dedicated cybersecurity provider and not a reseller which enables us to configure your cybersecurity requirements based on what is best for your specific context. We work closely with clients to develop relationships and ensure that our solutions not only meet but exceed their expectations. We offer 24/7/365 support and our clients know that if ever have an issue or concern, we are always only a phone call away.

Do you have 5 minutes for a quick chat?