Cybersecurity, a new challenge for SMEs - Companies

Cybersecurity, a new challenge for SMEs – Companies

Most cyberattacks are not very sophisticated and compliance with a few “basic” rules is often enough to repel them. Still need to look at these basic rules…

A small figure to situate the scale of the problem: phishing attacks in Belgian companies have increased by … 667% since the Covid-19 pandemic, relays the EY office in a study on cybersecurity, published this Thursday 12 May on the occasion of the spring cocktail of Trends-Tendances, the RTBF and the Cercle de Wallonie. It’s not just a coincidence of timing, the pandemic was indeed an “important factor” in the growth of cyberattacks, says Marie-Laure Moreau, managing partner of EY for Wallonia. “Companies have accelerated their digitization to facilitate teleworking and allow them to continue their activities, she explains. New technologies have been put in place and more and more devices have been connected. This evolution has not not always conducted in a very secure environment and this has opened up windows of opportunity for cybercriminals.”

A small figure to situate the scale of the problem: phishing attacks in Belgian companies have increased by … 667% since the Covid-19 pandemic, relays the EY office in a study on cybersecurity, published this Thursday 12 May on the occasion of the spring cocktail of Trends-Tendances, the RTBF and the Cercle de Wallonie. It’s not just a coincidence of timing, the pandemic was indeed an “important factor” in the growth of cyberattacks, says Marie-Laure Moreau, managing partner of EY for Wallonia. “Companies have accelerated their digitization to facilitate teleworking and allow them to continue their activities, she explains. New technologies have been put in place and more and more devices have been connected. This evolution has not not always conducted in a very secure environment and this has opened up windows of opportunity for cybercriminals.” A global survey conducted by EY indicated that 81% of companies had been forced to “bypass existing cyber processes” to continue operating during the pandemic. In Belgium, a study by the FPS Economy indicated, last March, that 21% of SMEs with less than 50 people (and 10% of less than 10 people) had been victims of a “computer security incident”. The administration had then developed a “Cyberscan” through which SMEs can assess their resistance to such attacks and discover tools to improve their defense. “A few years ago, cybersecurity was an item at the end of the agenda in audit committee meetings, continues Marie-Laure Moreau. Today, everyone has become aware of the seriousness of the situation. The question is no longer ‘Are we going to suffer a cyberattack?’ but ‘When will it happen and can we quickly restore our data?'” If large companies can a priori assemble specialized teams to face these IT challenges, it is quite different in the thousands of SMEs, where IT is managed with the means at hand, without dedicated staff. “A few basic rules already make it possible to limit the risks, points out Pascal Laffineur, CEO of NRB, an IT services company belonging to the Ethias group. Having, for example, up-to-date software is already a very useful element, as is carrying out regular tests phishing to raise staff awareness. Many attacks occur when employees, thinking they are doing the right thing, click a little too quickly on malicious links. It would be a mistake to believe that cybersecurity is automatically sophisticated and expensive solutions “Basic, inexpensive measures can be very valuable. Most attacks aren’t very sophisticated, there really is a way to protect yourself.” Awareness work exists. In Belgium, some 8,000 suspicious emails are thus reported to the authorities every day. But that is obviously not enough to evade the risk of attack. Marie-Laure Moreau underlines the interest of intrusion tests, through which specialists behave as “legal hackers” and try to interfere in a company’s systems to test the robustness of its IT environment. “It’s amazing to see how these experts manage, sometimes very quickly, to enter a computer system,” she concedes. And it is indeed an ideal way to detect possible flaws. One of the keys is the detection of infection. On average, it takes 101 days for a company to detect an attack, to realize the reason for the gradual slowdown of its computer system. And, of course, during all this time, the hacker can steal the data and the virus infects it. “You really need to arm yourself to be able to detect attacks more quickly, insists Marie-Laure Moreau. Today, only 12% of organizations are able to detect threats.” “Breaking in without being seen in order to be able to steal information over a long period of time is the principle of many cyberattacks, adds Pascal Laffineur. It is therefore useful to have a person dedicated to these subjects, who takes the trouble to regularly look at the problems and who, in case of doubt, can request an intervention. A cybersecurity check is not very expensive, even for a small SME. It is a real investment with an almost guaranteed return !” The cybersecurity check was set up by the Walloon authorities to help companies finance a “cyberdiagnosis” of their infrastructures. According to the Union wallonne des entreprises, the ecosystem of service providers is however not yet well developed and the quality of services sometimes remains a bit uncertain. “But things are moving, rejoices Lisa Lombardi, Entrepreneurship, SME and Digital expert at UWE. Universities and colleges offer training in cybersecurity, there are specific training courses for job seekers or for managers. of SMEs.” This momentum should gain momentum with the launch of Cyberwal in Transinne. This consortium brings together around thirty Walloon players with the ambition of developing research, innovation and training in cybersecurity. “The UWE, like Agoria moreover, is associated with this initiative which unites forces to convince that this theme must become a priority for companies”, adds Lisa Lombardi. This initiative is in addition to the work begun in this area at A6K in Charleroi, near the new military district which will host the Cybersecurity component of the Belgian army, and on the e-campus of Tournai, which was one of the pioneers in Wallonia. Is it preferable to radiate throughout the territory from several centers or, rather, to concentrate forces in a large center of excellence? “If we are trying to reach the smallest SMEs, it is interesting to have delocalized centers, which they can more easily contact”, replies Pascal Laffineur. The pitfall here may be the scarcity of skills: companies are already struggling to find the IT specialists they need, can we decently multiply the public centers likely to help them with cybersecurity? “If we could convince more and more people to train in cybersecurity and IT in general, that would be great, concludes the boss of NRB. This niche is not reserved for engineers and bac+5, there is a way to train a lot of people.”

.

Leave a Comment

Your email address will not be published.