As featured in the Irish Independent Business Resilience supplement

All businesses are at significant risk of cyberattack — including SMEs. However, they can protect themselves with the right training and a more proactive cybersecurity approach.

Most small and medium-sized enterprises (SMEs) are only too aware of the risks of cyberattack, notes Donna O’Shea, Chair of Cybersecurity at Munster Technological University (MTU) and Project Lead at Cyber Skills — a nationally-funded project which aims to address the cybersecurity skills shortage.

Rising cybersecurity threats to SMEs

According to the cybersecurity consortium SMESEC, 60% of all cyberattacks in 2016 were aimed at small businesses. What’s more, 60% of SMEs who fell victim to attack did not recover and shut down within six months. Despite these statistics, SMEs don’t always address cybersecurity matters properly — and for various reasons.

“Some business owners may lack the confidence and technical abilities to respond to cybersecurity risks,” says O’Shea. “Others downplay the issue and ask: ‘Who would try to hack my business anyway?’ But if their database of clients’ personal information suffers a breach, that’s a major GDPR compliance issue.”

There’s also a lot of cognitive dissonance surrounding this topic, admits O’Shea. “There’s a tendency for SMEs to think: ‘Yes, our business is at risk — but we’re going to forget about it.’ We need to change their mindset to: ‘Yes, our business is at risk — but we can respond to it properly with the right skills and training.”

Removing the mystique around cybersecurity

Cyber Skills has developed Cybersecurity for Business — a relatable workshop series delivered by industry experts. This has been designed to provide business owners with the key knowledge and skills to protect themselves against cyberattacks and remove some of the mystique surrounding the subject.

Being proactive about cybersecurity

For too long, businesses have been taking a ‘defensive and reactionary’ approach to cybersecurity — with firewalls, intrusion detection systems and anti-viruses doing all the heavy lifting. While these are all important safety measures to have in place, by the time a system reacts to a breach, the damage has already been done.

“Instead, we urge businesses to take a ‘predictive and responsive’ approach to cybersecurity,” explains O’Shea. “The workshops help them identify where their biggest risks of attack might be. We apply well-known models, tools and techniques and show SMEs how to create an incident response plan and a business continuity plan — tailored to their needs — so that, in the event of an attack, they can get up and running again as quickly as possible. Ultimately, businesses must start thinking about cybersecurity in a more structured and proactive way.”

To learn more about how to manage your cyber risk, contact us regarding your interest in the small business workshop series.