The ways SMEs can address cybersecurity challenges brought about by rapid digital transformation during COVID-19 were discussed during a webinar hosted by the FT.
The panel, moderated by Danielle Myles, contributor, fDi, Financial Times Group, offered advice on how SMEs can effectively leverage advances in digital technologies to compete with large businesses. The panelists began by outlining the significant benefits such a transformation can entail for them. Sandrine Kergroach, head of SME and Entrepreneur at OECD, noted that costs in administration, logistics and marketing could be significantly lowered through digitization.
Antony Walker, deputy CEO of techUK, agreed and pointed to the “transformational” potential cloud platforms offer to SMEs, as they have commoditized these types of technologies. This means that “services and products that once were only available to the very largest companies are now available to everybody.” In Walker’s view, the benefits of cloud platforms extend to cybersecurity. “One of the real benefits of cloud-based technologies is that you’re benefitting from industrial grade cybersecurity and resilience that means you can stay up and running,” he stated.
Later in the session, the discussion turned to the challenges for SMEs around increased tech adoption, particularly cybersecurity. Henk Koopmans, chief executive officer of R&D at Huawei UK, said fears about the scale of cyber-threats could even “be a barrier to going digital.” To ensure this is not the case, he believes there needs to be more education about the high-level security established in many technologies they can utilize. For example, “we’re so comfortable now making financial transactions using 4G – the only reason we can do that is that it’s based on standards that are thoroughly tested.”
However, Jane Dickinson, digital skills lead at The Open University, pointed out that the majority of cyber-breaches are a result of human behaviors. This issue has been exacerbated by the expanded attack surface during COVID-19, and there needs to be a far greater emphasis on security culture and awareness training throughout SME workforces as a result. “We need to create cultures where everybody takes responsibility for maintaining their own knowledge and skills in this area,” she commented.
Additionally, cyber-criminals have dramatically increased their targeting of SMEs in the pandemic due to “being less well prepared for attacks,” according to Kergroach. With these businesses having less capacity and ability to attract cybersecurity talent, they rely heavily on digital solution providers to offer that protection. Therefore, she believes IT products need to be more tailored towards the specific needs of SMEs.
Koopmans also highlighted the growth in supply chain attacks in the past year, exemplified by the SolarWinds and Kaseya attacks. As many SMEs are part of the supply chain for large businesses, “not embracing it [means] you’re becoming security-wise the weak link in the chain.” Therefore, “if you’re in the supply chain of these companies, then you have a role to play yourself.”
Walker agreed with Dickinson’s point about the importance of building a strong cybersecurity culture in SMEs. He added that many of these businesses, especially those that sell consumer-focused products, need to consider the impact of the new online harms legislation in the UK. For example, companies might need to ask questions like: “are there risks involved here? What if children access my service?”
The panel ended by discussing the digital skills gap, including in cybersecurity. On a positive note, Walker noted that during the pandemic, there has been “a massive increase in people acquiring digital skills” via online courses. For SMEs to take advantage of this emerging talent, he said they must “build a reputation that they are a place where young people can come and gain skills as a great starting point for their career.”