There is no doubt in the fact that organizations are becoming more tech savvy and are relying on the technology to boost their businesses sky high. But, with this rapid increase and reliance on digital networks brings SMEs to a point where they cannot ignore the risks of cybersecurity threads. Check out my previous POST on dangers of the darknet. Today the threads have the potential to be more destructive for SME’s because they cannot afford cybersecurity specialists. This means that SME’s are becoming the number one targets for cyber attacks. What can SMEs do to protect themselves? Look into the SME Cybersecurity developments in the Netherlands.

SMEs Excuses not to invest in Cybersecurity

Many SMEs believe that they will not become a target of hackers and cyber threads are a myth. Moreover, research conducted by Juniper shows that 74% of SMEs believe they are safe, despite the fact that half of them have suffered a cyber attack.

The Dutch Ministry of Security and Justice in their assessment report clearly stated that Private organizations are mostly affected by cyber criminals in order to obtain sensitive data. The table emphasizes in RED the most common types of cyber attacks.

SME Cybersecurity assesment in the netherlands

Understanding the Risks and Protecting your business

Many SMEs gather Personally Identifiable Information, Personal Health Information and Customer Information is usually the target of hackers because it can be sold to competitors, exploit the customers for personal gain which can ultimately destroy the image of your business or spy on the company’s transactions or information.

Imagine that all the employee data was stolen? What damage can be done to each person in your company? Bank numbers, personal IDs, or delete all the data? This can be the point of no return to any business if not protected properly.

In 2017 the famous Verizon Investigation Report explained that 73% of breaches were financially motivated and 78% of intrusions were rated as low difficulty.

Developments and SME Cybersecurity in the Netherlands

–         Cybersecurity costs and benefits do not always lie with the same party

There is a clear focus on making the benefits clear and the security affordable for SMEs, but there is a lack of direct stimulus to invest in security. This is where cybersecurity agencies support the Dutch Ministry of Security on creating a safe environment for companies to operate and educate the companies.

–        Societal Responsibilities

As the online world is becoming more regulated by the developing governments and new regulations, it becomes more important to stay on the same page with all the cybersecurity developments within companies. New regulations such as the General Data Protection Regulation and European Commission e-Privacy regulation put new responsibilities on companies in terms of personal data processors, including in the field of information security and privacy-by-design. These regulations are focused on protecting SMEs and the end users from the threads which can easily be avoided.

–        Increasing standards of behavior in the digital domain internationally

Known conflicts which are expressed after countries elections arguing that democratic processes were influenced by hackers and digital attacks. The Netherlands during the elections to the Dutch House of Representatives in March 2017 expressed their concerns regarding the protection of the sovereignty of countries during elections on the international level. Creation of international standards of behavior in the digital domain is increasing together with transparency on what is and is not permitted to this will make future conflicts more manageable.

–        Divergent views on the responsible disclosure of vulnerabilities

This topic is receiving a great deal of attention not only in the Netherlands but around the world. The disclosure of vulnerabilities in IT systems and software products can have a major impact both on Cybersecurity service providers and SMEs. On the positive side, this means that parties will be able to resolve the vulnerabilities and take countermeasures. The downside to this is the possibility which allows malicious parties to exploit the vulnerabilities sooner than the new patch or fix is released.

Media and news can contribute to the awareness of cybersecurity, but at the same time, inaccurate reporting can lead to overreaction, leading to declining of trust in cybersecurity services. It is therefore up to Red Socks to balance this news from a professional perspective and introduce in an understandable way.