In today’s digital age, cybersecurity has become an essential aspect for all businesses. Cyber-attacks are no longer limited to large corporations but also affect small and medium-sized enterprises (MSMEs). MSMEs are often considered as soft targets by cybercriminals due to their lack of adequate cybersecurity measures. It is crucial for MSMEs to take proactive measures to safeguard their digital assets and confidential data from cyber-attacks. In this blog, we will discuss some of the cybersecurity guidelines that MSME companies in India can follow to protect themselves from cyber threats.
According to a report by cybersecurity company NordLocker, India is ranked among the top countries targeted by ransomware attacks. Shockingly, more than half of the attacks are aimed at the country’s small businesses. The report further revealed that small businesses with an employee base of 500 are at the greatest risk, accounting for around 54 percent of total ransomware attacks from January 2020 to July 2022.
The first step towards protecting a company’s digital assets is to understand the potential threats. Cyber-attacks can take many forms, including phishing attacks, ransomware, malware, and social engineering attacks. MSME companies should educate their employees on the various types of cyber-attacks and how to identify them. Employees should also be trained on the importance of strong passwords, two-factor authentication, and the safe use of personal devices for work-related purposes.
One of the most effective cybersecurity solutions for MSMEs is Next-Generation Antivirus (NGAV) and Endpoint Detection and Response (EDR). NGAV is a more advanced version of traditional antivirus software that uses AI and machine learning algorithms to detect and prevent cyber-attacks. EDR, on the other hand, provides real-time monitoring of endpoints, detects malicious activities, and allows for prompt response to any cyber-attack. These cybersecurity solutions can provide MSMEs with the necessary protection to keep their digital assets safe.
According to Mr. Debanuj De, Vice President at Trisim Global Solutions, a company offering Cyber Security solutions based out of Kolkata, India, “MSMEs in India need to prioritize cybersecurity as they are becoming easy targets for cybercriminals. With the rapid digitalization and the ongoing pandemic, the cybersecurity risks have increased manifold. MSMEs should consider investing in NGAV and EDR solutions and conduct regular security audits to identify vulnerabilities.”
Apart from NGAV and EDR, MSMEs can take the following quick actions to improve their cybersecurity:
- Implement a strong password policy: MSMEs should enforce strong password policies that include complex and unique passwords for each account, regular password updates, and multi-factor authentication.
- Regularly update software and applications: Software and applications should be regularly updated with the latest security patches to eliminate vulnerabilities and protect against cyber-attacks.
- Conduct regular security audits: Regular security audits can help identify vulnerabilities in the company’s digital infrastructure and allow for prompt remediation.
Sectors like manufacturing, pharma, hospitality, IT services, and healthcare are particularly vulnerable to cyber-attacks due to their dependence on technology and the sensitive data they handle.
- Cyber-espionage, intellectual property theft, and supply chain attacks are all possible threats to the manufacturing sector.
- Manufacturing companies often use industrial control systems that may be vulnerable to cyber-attacks.
- Cyber-attacks that steal sensitive research data, clinical trial information, and personal patient information can all cause significant damage to the pharma sector.
- Phishing attacks are a common method of targeting the pharma industry.
- The hospitality sector is at risk of cyber-attacks that steal sensitive customer information, such as credit card details.
- Malware attacks are a common method of targeting the hospitality industry.
- The IT services sector is at risk of cyber-attacks that disrupt critical business operations and steal sensitive customer information.
- Ransomware attacks are a common method of targeting the IT services industry.
- The healthcare sector is vulnerable to cyber-attacks that steal sensitive patient information, disrupt medical services, and cause reputational damage.
- Medical identity theft is a common method of targeting the healthcare industry.
The impact of a cyber-attack can be devastating for MSMEs, both financially and reputationally. In recent years, there have been numerous incidents of cyber-attacks on MSMEs in India that have resulted in significant losses. For example, in 2020, a ransomware attack on a small-scale pharma company in India resulted in the theft of sensitive data and a ransom payment of Rs. 25 lakh. Similarly, in 2019, a Mumbai-based construction company lost Rs. 7 crore in a cyber-attack where hackers gained access to the company’s bank accounts.
According to Aditi Chowdhury, Solution Architect at Trisim Global Solutions, “MSMEs often underestimate the impact of a cyber-attack on their business. They assume that they are not on the radar of cybercriminals, but the reality is that they are soft targets. MSMEs may suffer financial losses, reputational damage, and legal liabilities in case of a cyber-attack.”
Aditi Chowdhury suggests that MSMEs in India should be aware of the guidelines issued by the Indian Computer Emergency Response Team (CERT-In). CERT-In is the national agency responsible for dealing with cyber security incidents in India. The agency has issued a set of guidelines that apply to MSMEs, including requirements to keep logs of their network activities for at least 180 days, and to report any cyber security breaches to CERT-In. These guidelines provide a comprehensive framework for MSMEs to follow in order to ensure that they are taking the necessary steps to protect their business from cyber threats and respond appropriately in the event of an attack.
A cyber-attack can disrupt the normal functioning of a business, resulting in a loss of revenue and productivity. It can also lead to the theft of sensitive data, which can be used for financial gain or sold on the dark web. In addition, MSMEs may face legal liabilities and reputational damage, which can impact their ability to do business in the future.