Understanding the Threat Landscape for SMEs

In our recent webinar, Cybersecurity for SMEs: Building A More Resilient Business, one of the important topics we discussed was the main cyber threats that we are seeing affect SMEs in 2022.

Alistair Campbell, Cyber and Network Security Engineer at Numata, says that working on the back end of client systems gives him first-hand experience with the most common threats facing businesses.

“The biggest threat that we're still seeing, and we see this daily, is a form of social engineering,” he says. “This includes multiple phishing campaigns being run into our environments daily and reports of users being exploited for their credentials.”

Jason Scanlon, Virtual Chief Technology Officer at Numata, explains that social engineering is where cybercriminals play on people’s emotions for nefarious purposes. “Social engineering is a technique where, for example, a cybercriminal will send you an email and demand something with a sense of urgency, or make it personal to you, if it’s a spear-phishing attack. Essentially, they are tricking people into thinking they are a trustworthy source; using psychology to trick human beings into clicking on something they shouldn’t.”

The other major issue that Alistair flags, which many small and medium-sized businesses remain unaware of, is third-party exposure. He explains that companies will purchase equipment or services from a third party, whether an application or a physical asset (for example, a CCTV security system of cameras) without checking whether the third-party supplier has the necessary security measures.

Alistair says there was an incident in South Africa a few years ago where a company installed a well-known brand of CCTV cameras. These cameras used open communication to a cloud system in China. They were easy to breach and therefore created an entry point into the company’s network when they were hacked. Read more about developing a strategy for your cyber-physical security systems here.

“Another big problem is configuration mistakes,” says Alistair. “I see this daily.” He says businesses are using default credentials on infrastructure, from switches to routers, and there are often no proper password policies in place. Multi-factor authentication (MFA) is not in place, which he says is especially important to enable for cloud systems like Microsoft 365, and companies generally have a problem of what he terms “poor cyber hygiene”.

“Companies are not properly aware of their cybersecurity posture; they're not allowing the proper access control listing on files and folders not just on local points, but also SharePoint, Google Drive, and Dropbox. Accessibility of data is a major concern as well,” he says.

One of the ways that companies can ensure they build resilience to cyber risk is to ensure all employees are trained in basic cybersecurity awareness. Another is to develop a cybersecurity response plan. If you are unsure where to start, consider speaking to an expert partner to help you assess your threat landscape and develop a plan to protect your business.

Numata offers cybersecurity solutions targeted at SMEs. Get in touch today to find out how we can help protect your organisation and your reputation from cybercriminals before it’s too late.