This Saturday marks Micro-, Small and Medium-sized Enterprises Day, a date made even more pertinent this year by the coronavirus crisis. Small businesses are being hit hardest by the economic fallout brought about by the lockdowns. According to the UN, 600 million jobs will be needed by 2030 to absorb the growing global workforce, which makes SME development a high priority for many governments around the world. The day aims to raise awareness of the contribution to sustainable development and the global economy made by MSMEs, who represent 70% of total employment and 50% of GDP globally, according to the International Council for Small Business (ICSB).
The coronavirus has highlighted just how important it is that small businesses are supported, and while their size makes them nimble and able to adapt quickly to changing circumstances, their small infrastructure leaves them vulnerable. One key point that small businesses cannot afford to overlook, both during and beyond the coronavirus situation, is the need for robust cybersecurity. Unlike large corporations with multiple IT teams and deep pockets, small businesses can be crippled by a single cyberattack, and the flow-on effects of those damages can be much more costly.
The 27th of June also happens to be the third anniversary of the NotPetya ransomware attacks that devastated hundreds of businesses across the globe. If the security systems of giant corporations were able to fall victim, the NotPetya attacks were also enough to completely cripple small businesses. With the frequency of cyberattacks only increasing, MSMEs cannot underestimate the importance of investing in an advanced and comprehensive cybersecurity solution.
Enterprises shouldn’t ignore MSMEs’ cybersecurity capabilities either, as these businesses often form part of enterprises’ supply chain, and we all know a chain is only as strong as its weakest link. While the NotPetya attacks began in Ukraine, ESET’s investigation revealed that affected companies in other countries were made vulnerable via shared use of weaponized M.E. Doc accounting software and other often less direct engagement with branches and business partners making up the supply chain. It only takes one vulnerable computer for malware to be able to get inside a network, and it can then seize administrator rights and spread to other computers. Rather than opting for a targeted spearphishing approach, NotPetya impacted the supply chain achieving maximum distribution and destruction across a range of businesses.
As such, in addition to their role as the backbone of most modern economies, micro-, small and medium-sized enterprises are intrinsic to the supply chains of large enterprises and their security should be as much of a concern to these enterprises as their own. As businesses of all sizes attempt to move forward from the impacts of COVID-19, cutting-edge cybersecurity is integral to the recovery and prevention of future crises. No business is an island, and in our increasingly interconnected and globalized world, every link in the chain must be secured in order for us all to thrive.