Small companies have to keep the entire IT system running with a handful of employees. On top of this lies an indispensable layer of security that brings with it many challenges.

Organizations’ security policies must be up to date to mitigate new cyber threats in the changing IT landscape. Medium-sized companies often have to keep the entire system running with a handful of IT experts, which means that a sophisticated security policy unknowingly takes a back seat. Additionally, they often underestimate how valuable their organization can be to hackers who quickly target them.

Security challenges come in all shapes and sizes and are evolving with the rapidly changing IT landscape. Small businesses are doing their best to keep up and implement their security policies, although they rely on outside specialists for certain levels of the security story.

Trigger for action

Most small and medium-sized businesses are aware of cyber threats, although some have a false sense of security and think that cyber attacks primarily target larger companies and governments. Although security is high on the agenda for most of them, it is often difficult to find the right answers to all these security issues. This means that security unconsciously disappears into the shadows of other IT tasks until the alarm bells start ringing. Cyber ​​attacks on (Belgian) companies regularly make headlines and leave a clear mark on SMEs. “We receive noticeably more phone calls and inquiries when a cyber attack makes headlines, as was the case recently with Duvel Moortgat,” says Saskia Vermeulen, Solution Sales Specialist SMB at Dustin.

When another cyber attack on a well-known company appears in the news, our phone rings.

Saskia Vermeulen, Solution Sales Specialist at Dustin

Provided the right impetus is given, SMEs still feel the need to critically question their security policy. The ever-changing IT landscape, new forms of cyber threats and upcoming NIS2 regulations make it difficult for SMBs with smaller budgets and smaller IT teams to keep up and implement. This is where external specialists can add value to assist IT staff with security policies.

Barrier-free protection

The sudden introduction of hybrid working and the massive shift to the cloud have created new security challenges in recent years. This raises new questions and usually requires a restructuring of security policy.

The accelerated adoption of hybrid working has sometimes led organizations to lose sight of the security implications. “We are increasingly being asked by companies if we can offer them complete protection, but with an accessible implementation,” says Jeroen Van Hyfte, Pre-Sales Consultant Datacenter and Network. Since the pandemic, employees have increasingly been working from home and sometimes on their own devices. As a result, many companies lost control of security and the demand for an accessible but secure approach increased.

Cyberattacks evolve quickly and manifest themselves in different forms. Many of these threats can be prevented by advanced security systems, but threats can always slip through the cracks. “If you choose complete security, it doesn’t mean you’re 100 percent guaranteed,” says Van Hyfte. “There are always aspects that a company cannot fully control, such as if an employee clicks on a malicious link and becomes a victim of phishing.”

Optimism bias

Although SMBs are generally aware of the cyber threats that can impact their business, sometimes they exist Optimism bias or a “It won’t happen to me” thought. I’m just a small self-employed person, which hacker is interested in me?

And unfortunately that is unjustified. Due to their smaller size, SMEs are an interesting target for hackers. “The more protected you are, the harder it is for hackers to break into systems, which means they get out quicker,” says Van Hyfte. Because SMBs typically have fewer resources, threat actors are more likely to target them.

Prevention is better than cure

The question should not be whether companies will be hit by a cyberattack, but when. A good security policy can prevent many threats in the long term. Dustin addresses the expectations and goals of SMEs in the area of ​​security and offers various solutions based on them. “Security encompasses several aspects. Based on the company’s needs, we can implement the right components,” says Van Hyfte.

Cybersecurity is something that needs to be budgeted for, but if nothing goes wrong in the end, it will quickly be seen as an unnecessary expense. “Companies often forget what holds security back,” says Van Hyfte. “I compare it to comprehensive insurance. Just because you have such insurance doesn’t mean the accident won’t happen again. However, you are protected from the consequences.”

SMBs are aware of cyber threats and are trying to perfect their security, but at the same time they are also the main target of threat actors. Security is too important to be considered an IT responsibility. “By partially outsourcing the security aspect to external specialists, they can concentrate on their core tasks without having to worry about the security of their company,” concludes Van Hyfte.