Cybersecurity in small and medium-sized enterprises: the urgency of general mobilization

the essential
While the Cybersecurity Business Convention is being held today in Toulouse, cybersecurity, especially for SMEs, has become a major development issue.

Data theft, ransom demand, image damage, sabotage, identity theft, industrial espionage, etc. In recent years, cyber threats have increased alarmingly. Logical since our society has become more and more digitized, that administrative or commercial procedures are increasingly dematerialized, that IT has interfered in an increasingly high number of tasks to the point of becoming essential. .

Everyone remembers the August cyber attack on the Corbeil-Essonnes hospital. Victim of hackers who demanded a ransom of 10 million euros, the establishment found itself completely paralyzed and even had to suffer a data leak concerning its patients. But it is above all SMEs that find themselves the preferred targets of cyberpirates because they have not yet acquired a culture of cyber risk.

“Small, medium and intermediate-sized structures are particularly at risk: in the absence of protective devices, they are a prime target for malicious actors who optimize their gains by attacking the most vulnerable. Fortunately, it is possible to make “cyber” an opportunity! Because by protecting themselves – and, by capillarity, by protecting their partners – companies ensure their sustainability and strengthen the trust that binds them to their stakeholders”, explains the National Agency for the Security of Information Systems (Anssi) which multiplies awareness-raising initiatives between workshops and the publication of guides. The latest, “Cybersecurity for VSEs/SMEs in thirteen questions”, was published in October.

One in two companies already attacked

The subject is broad: according to the CESIN 2022 Corporate Cybersecurity Barometer, more than one in two French companies (54%) experienced at least one cyberattack in 2021. Attacks that are mainly carried out by ransomware (+255% between 2019 and 2020 according to Anssi) with an average loss of €50,000 which often has a strong impact on turnover. According to a Stoik study, the time to restore the computer system and possibly recover data backups, a company loses an average of 27% of its annual turnover. And 60% of SMEs attacked do not recover and file for bankruptcy within 18 months of the attack. The statistics of cyberattacks could also be even higher than the official figures since half of the French companies having suffered a cyberattack have given up filing a complaint…

French companies and cybersecurity
MDD

The cybercrime landscape has also changed significantly due to the Covid-19 crisis. First by maximizing the risks – 47% of teleworkers have already been tricked by phishing – and also by diversifying the methods of cyberattack: 35% were of a type hitherto unknown.

But awareness of the cyber threat is gaining ground. 40% of companies invested in their cybersecurity in 2021 and 55% needed to strengthen their protection for this year. An Insight Avenue study for security software maker ESET found that 83% of SMB cybersecurity leaders worldwide say cyber warfare is “a very real threat.”

France good student

SMEs “take the measure of the risks they incur with a desire to undertake security audits, if this has not already been done, or even to deploy solutions. It’s a sign of maturity,” analyzes Benoît Grunemwald, cybersecurity expert for ESET France, who highlights the two main concerns and fears of SMEs: data loss (66% in France) and financial impacts (78%). In any case, several elements revealed by the survey data confirm this forward march in which French SMEs are actively taking part.

France is also one of the good students: 60% of SMEs have already carried out an audit and 70% say they are ready to entrust the management of their cybersecurity to a company with expertise in the field. “Generally speaking, SMEs that invest heavily in tools, training and auditing do so following an intrusion,” observes Benoît Grunemwald. The whole objective is therefore, in the future, for the cybersecurity budget to be established upstream of a threat, and therefore before it occurs.

In Toulouse, a show for professionals

The 4th edition of the CBC (Cybersecurity Business Convention), the digital security trade show for businesses and communities in Occitanie, is taking place this Tuesday, November 22 at the Pierre Baudis Congress Center in Toulouse.
Organized by Dépêche Events, a subsidiary of the La Dépêche Group, with AD’OCC, the economic development agency of the Occitania Region and Cyber’Occ, the Cybersecurity portal in Occitania, the show brings together cybersecurity experts and major economic and institutional. Several thematic round tables are planned (acculturation to cybersecurity, protection of personal data, supervision of digital security), as well as workshops (cybersecurity and digital sovereignty, Firewall and operating systems, PIA and protection of personal data, threat hunting and cybersecurity) and animations (simulation of cyberattacks, vulnerability test). 100 exhibitors and partners are on hand to discuss, raise awareness and develop networks and expertise.
More information : cbc-convention.com/

Leave a Comment