By 
By Marla Mendes, Head of Pan-Africa Telcos at Check Point Software Technologies.
As SMBs face increasing attacks, Check Point Software Technologies explores what three things can be done to improve their cybersecurity.
Just like larger companies, small and medium businesses (SMBs) emerged from the pandemic ready to invest and grow. A recent survey we did with Analysys Mason showed that, in particular, SMBs are looking to grow by hiring staff, adding sites and investing more in IT. Today, SMBs are investing in all areas of IT, embracing cloud, mobile and SaaS technologies to both gain a competitive edge and adapt to new, more remote ways of working.
RELATED: SMB growth plans held back by inadequate cybersecurity
However, cybercriminals know that, for many, these investments are new territory. They recognise that SMBs struggle with the expertise, manpower and IT budget needed to properly secure their critical assets. And they’re taking advantage of these vulnerabilities, targeting them more aggressively with phishing attacks, malware, credential theft and ransomware.
In Africa in 2022, Check Point Software Technologies found that the average number of organisations impacted by ransomware – per week – currently sits at 1 out of 21. Compared to the global average of 1 in 40, this makes Africa the most attacked region in the world. In Kenya alone, SMBs lost Sh106 million (equivalent to Sh208,000 daily(equivalent to R15 million) in 17 months to March 2021 to cybercrime.
SMBs are well aware of the growing threat and are investing in cybersecurity where they can. Last year, SMBs worldwide spent USD68 billion on security solutions – with that figure expected to increase to USD105 billion in 2026. Yet despite this, IT managers still don’t feel adequately protected.
SMBs, the service providers that support them, and the vendors that develop security solutions, can all do more to protect the lifeblood of our economies from cyber attacks. Not only are these attacks detrimental to SMBs, resulting in loss of revenue and customer trust, but they put larger enterprises at risk too. With the increase in supply chain attacks, cybercriminals are increasingly using more vulnerable SMBs as an entry point into larger enterprises.
So, what can be done?
- Improve access to specialist cybersecurity skills
In our survey, we found that only a minority of SMBs around the world have internal security specialists. This means that a large number of SMBs either have no security products in place, or these products are managed by non-specialist staff.
SMBs are struggling to find – and keep – the security expertise they need. Where talent is available, it’s often swallowed up by larger enterprises that can afford to pay larger salaries.
To solve this, we need to make the talent pool bigger. Cybersecurity vendors and their partners can play a critical role here, offering more skills development programmes across the continent. This is something Check Point is actively engaged in with our SecureAcademy initiative. Together with universities across Africa – including Strathmore University in Kenya and the University of Chouaib Doukkali in Morocco – we’re providing the future workforce with cybersecurity skills and employable certification. Our local partners are also very on board with our internship programme, which has provided over 100 previously disadvantaged students with cybersecurity training and internships, leading to many obtaining permanent jobs within our ecosystem.
2. Make cybersecurity solutions simpler and more affordable to deploy
Most concerning in our survey is the finding that many SMBs do not have even the simple security products in place. Where products are used, it’s most often basic anti-virus software. The reasons for this are linked to the point above: SMBs either lack an understanding of their security options, or are looking for solutions that are quick and easy to deploy by non-specialist staff. There’s also the issue of tight budgets. Many SMBs simply can’t afford the prices behind the advanced threat protection they need today.
Again, this is where cybersecurity vendors and service providers can step up to the table, offering bespoke ‘all-in-one’ security packages that meet SMB needs. And what exactly do they need? Looking at our SMB Security Report, survey results showed that:
- For SMBs, the number one must-have when considering security gateways is threat prevention performance, followed by solutions that are quick and easy to implement, manage and report on.
- SMBs are looking for bundled offerings, specifically requesting mobile security, incident response management, cloud and email security, and endpoint protection.
- In terms of budgets, SMBs would rather take on providers with more flexible payment options, leaning towards monthly payments or pay-as-you-go subscriptions for broadband access, security and service support.
3. Engage more with managed security service providers (MSSPs)
If talent and budget constraints continue to be a challenge, SMBs can also consider outsourcing their security to third party managed security service providers (MSSPs). With an MSSP, SMBs can gain access to experienced cybersecurity professionals at an affordable cost. Third party advisors can provide expert advice on the best security solution for each SMB, along with training and ongoing support.
We see the use of MSSPs becoming a growing trend, leaving SMBs free to focus on what matters: growing their business. But there’s one thing SMBs want more of when working with third parties – and that’s more proactive help with upgrading their security to cover new problems. SMBs are very open to this support and to buying additional security services from their IT, telecoms or technology suppliers – as long as it’s available.
Let’s all do more
Today’s cyber-landscape is tough for SMBs. But no matter their size, security is far too important for SMBs to ignore. Service providers and security vendors in Africa can do more to help SMBs access the best security available. By developing more skills and creating more accessible solutions that don’t require extensive expertise or time to get high levels of protection quickly, we can give SMBs the adequate protection they need.
COVER IMAGE:North Bay Business Journal
