SMEs used to be “small planes that fly under the radar” but have now become “low hanging fruit for hackers.”

Business of All Sizes Should Invest in Protecting their Data

Small and medium-sized businesses are increasingly at risk of cyber terrorism in the region, with any attack likely to have crippling financial consequences, an APEC forum was warned recently.

The forum on building the digital competitiveness and resilience of small and medium enterprises (SMEs) heard that attackers have traditionally overlooked small business, preferring to target banks and other large companies and organizations because of the amount of valuable data potentially obtained in one strike.

But Jim Liu, chief technology officer at Lucent Sky, a company that builds online security tools, said attackers now have greater capacity to hit hundreds of thousands of companies at once, because of advancements of technologies such as cloud computing and artificial intelligence.

SMEs used to be regarded as “small planes that fly under the radar” but have now become “low hanging fruit for hackers” Liu told the forum, a gathering of small and corporate business leaders as well as cyber security experts from the government and private sector.

Mr Liu said small businesses are increasingly being compromised through their emails, including through receipt of phishing messages, which attempt to install malicious software and steal personal data.

“Unlike big companies, which often have more dedicated channels for sales and other business activities, small companies largely rely on emails to conduct their day to day business,” he said.

The forum, part of APEC’s multi-project O2O Initiative held in Ho Chi Minh City in September, was aimed at raising awareness of cyber security issues among SMEs as a first step to strengthening their defences.

“After years of promotion by APEC, many SMEs in this region have learned and implemented their knowledge of building business continuity plans in the event of a natural disaster, like an earthquake or flood,” said Dr Li Wei-Sen, Executive Director of the APEC Emergency Preparedness Capacity Building Centre.

“But many SMEs have overlooked the importance and possible impact of cyber security, because they don’t have access to resources or capable staff or don’t see the value, until it’s too late.”

“We are trying to provide simple steps that SMEs can follow that can build digital resilience.”

APEC has produced a guidebook for SMEs on building digital resilience, which includes practical key steps to follow such as understanding your company’s Information Security Management System (ISMS) and forming a team to manage this.

Mr Liu said many SMEs were unprepared for a cyberattack. Only one in ten small companies have a dedicated budget for cyber security, according to a recent survey of IT staff in SMEs, conducted by the Ponemon Institute, which specializes in independent research on data protection.

Almost 90 per cent of IT specialists said their companies were not prepared for ransomware, a form of malicious software that often blocks users’ access until a ransom is paid, according to the US institute’s research. More than half of them have experienced data breaches in the last 12 months.

The forum was told that cyberattacks cause huge financial losses. In March this year, the US House of Representatives Small Business Committee indicated that 60 per cent of small businesses in the US were forced to shut down within six months after suffering an attack.

“You are not too small to be hacked,” said Mr Liu, who told the forum that many simple actions are key steps for SMEs to build resilience. This includes turning on security features such as encryption, backing up data and testing backups regularly, as well as educating colleagues and employees.