MSMEs vulnerable to cyber attacks in COVID-19-induced work environment

A new study says 60 per cent of all cyber attacks are aimed at MSMEs

Cyber attack Representational image

When a mid-size company that specialises in designing toys to teach kids engineering skills, was hacked by cyber criminals, it refused to give in. “We will not pay the hefty ransom to get our data back,” it declared. Instead, the company staff went to work manually reconstituting their core systems the hard way, and was back in business four days later.

Of course, the company did lose a tidy sum as the systems breach made it miss sales in the peak festive season of 2015, when the incident happened. The company did scrape through, but many of India’s MSMEs (medium and small businesses) may find the going tough, especially with the COVID-19 pandemic having an equally virulent offshoot in cyberspace. While one report indicates that COVID-related phishing attacks have gone up by a staggering 667 per cent since February this year, India’s cyber security coordinator Rajesh Pant says we are the third most cyber-attacked country in the world.

And the nation’s small and medium businesses are bearing the brunt of it. A new study says 60 per cent of all cyber attacks are aimed at MSMEs, and of these companies, 60 per cent never recover from it.

“MSMEs are among the worst hit,” says Sandip Kumar Panda, co-founder and CEO, InstaSafe, a security solutions provider which operates between Freemont, US and Bengaluru. When the pandemic hit, forcing companies big and small to migrate to work-from-home (WFH), cyber thieves also set out to work. Panda adds, “Large enterprises always have the checks and balances in place to allow remote connectivity. They also had ample resources to enable them to migrate to newer methods of security and connectivity.”

MSMEs, on the other hand, come a cropper here. “They neither have the resources at hand nor the bandwidth to extend remote connectivity securely to their workforce,” points out Panda. Adds Kuntal Shah, director- sales engineering (India & SAARC), Avaya, “Criminal hackers target MSMEs, as often, they would not have complete security setup deployed as per best practices.”

For MSMEs, the danger goes beyond temporary halt to business and transactions. When data lost involves personal information like credit card numbers, the domino-effect to reputation, not to mention customer attrition, can acquire a momentum of its own. There are also liabilities involved when a cyber attack impacts customers and suppliers. Many MSMEs, already fledgling in uncharted waters in these post-lockdown times, may simply not be up to spending time and resources to mend such a blight.

The solution, many experts feel, range from adopting technologies ranging from Cloud services to SD-WAN infrastructure, to better encryption and increased risk surveillance. Check Point, one of the world leaders in cyber security, has come up with a fully-automated cloud platform that enables customers to seamlessly protect all of their cloud deployments and workloads. Many others, including Avaya, have come up with Cloud storage solutions as a 'vaccine' to the security loopholes of office networks in an age when they are remotely accessed.

The likes of Barracuda Networks, meanwhile, pitches for what it calls Software-Defined Wide Area Network (SD-WAN) to secure public cloud. It also indicates that in its survey among 750 Indian executives, more than half said they were worried about security of public cloud storage, while nearly 40 per cent felt it was difficult to integrate cloud with older technology.

But, with the new SANS survey finding that increased use of public clouds is the leading cause of security disruption, the pole position in this cyber security race is still up for grabs. Many feel too-fast-a-migration to cloud and using multiple clouds could be the root cause. “Cloud security can be challenging. However, the real challenge is multi-cloud, as our data continually shows that over 80 per cent of organisations have multiple cloud providers. The goal is one set of policies to rule them all,’ suggests Frank Dickson, program vice-president (security & trust) at IDC.