Today, SMBs are investing in all areas of IT, embracing cloud, mobile, and SaaS technologies to both gains a competitive edge and adapt to new, more remote ways of working.
However, cybercriminals know that, for many, these investments are new territory. They recognize that SMBs struggle with the expertise, manpower, and IT budget needed to properly secure their critical assets. And they’re taking advantage of these vulnerabilities, targeting them more aggressively with phishing attacks, malware, credential theft, and ransomware.
In Africa in 2022, Check Point Software Technologies found that the average number of organizations impacted by ransomware – per week – currently sits at 1 out of 21.
Compared to the global average of 1 in 40, this makes Africa the most attacked region in the world. In Kenya alone, SMBs lost Sh106 million (equivalent to Sh208,000 daily(equivalent to R15 million) in 17 months to March 2021 to cybercrime.
SMBs are well aware of the growing threat and are investing in cybersecurity where they can. Last year, SMBs worldwide spent USD68 billion on security solutions – with that figure expected to increase to USD105 billion in 2026. Yet despite this, IT managers still don’t feel adequately protected.
SMBs, the service providers that support them, and the vendors that develop security solutions, can all do more to protect the lifeblood of our economies from cyber attacks.
Not only are these attacks detrimental to SMBs, resulting in loss of revenue and customer trust, but they put larger enterprises at risk too. With the increase in supply chain attacks, cybercriminals are increasingly using more vulnerable SMBs as an entry point into larger enterprises.
So, what can be done?
1. Improve access to specialist cybersecurity skills
In our survey, we found that only a minority of SMBs around the world have internal security specialists. This means that a large number of SMBs either have no security products in place, or these products are managed by non-specialist staff.
SMBs are struggling to find – and keep – the security expertise they need. Where talent is available, it’s often swallowed up by larger enterprises that can afford to pay larger salaries.
To solve this, we need to make the talent pool bigger. Cybersecurity vendors and their partners can play a critical role here, offering more skills development programs across the continent. This is something Check Point is actively engaged in with our SecureAcademy initiative.
Together with universities across Africa – including Strathmore University in Kenya and the University of Chouaib Doukkali in Morocco – we’re providing the future workforce with cybersecurity skills and employable certification.
Our local partners are also very on board with our internship program, which has provided over 100 previously disadvantaged students with cybersecurity training and internships, leading to many obtaining permanent jobs within our ecosystem.
2. Make cybersecurity solutions simpler and more affordable to deploy
Most concerning in our survey is the finding that many SMBs do not have even simple security products in place. Where products are used, it’s most often basic anti-virus software.
The reasons for this are linked to the point above: SMBs either lack an understanding of their security options or are looking for solutions that are quick and easy to deploy by non-specialist staff.
There’s also the issue of tight budgets. Many SMBs simply can’t afford the prices of the advanced threat protection they need today.
Again, this is where cybersecurity vendors and service providers can step up to the table, offering bespoke ‘all-in-one’ security packages that meet SMB needs. And what exactly do they need? Looking at our SMB Security Report, survey results showed that:
- For SMBs, the number one must-have when considering security gateways is threat prevention performance, followed by solutions that are quick and easy to implement, manage and report on.
- SMBs are looking for bundled offerings, specifically requesting mobile security, incident response management, cloud and email security, and endpoint protection.
- In terms of budgets, SMBs would rather take on providers with more flexible payment options, leaning towards monthly payments or pay-as-you-go subscriptions for broadband access, security, and service support.
3. Engage more with managed security service providers (MSSPs)
If talent and budget constraints continue to be a challenge, SMBs can also consider outsourcing their security to third-party managed security service providers (MSSPs). With an MSSP, SMBs can gain access to experienced cybersecurity professionals at an affordable cost.
Third-party advisors can provide expert advice on the best security solution for each SMB, along with training and ongoing support.
We see the use of MSSPs becoming a growing trend, leaving SMBs free to focus on what matters: growing their business.
But there’s one thing SMBs want more of when working with third parties – and that’s more proactive help with upgrading their security to cover new problems. SMBs are very open to this support and to buying additional security services from their IT, telecoms or technology suppliers – as long as it’s available.
Let’s all do more
Today’s cyber landscape is tough for SMBs. But no matter their size, security is far too important for SMBs to ignore. Service providers and security vendors in Africa can do more to help SMBs access the best security available.
By developing more skills and creating more accessible solutions that don’t require extensive expertise or time to get high levels of protection quickly, we can give SMBs the adequate protection they need.