Author: Dimitris Koupatsiaris, Cybersafe
Introduction
Greek businesses, especially SMEs, have long been cautious about spending on anything that doesn’t promise immediate sales. But the landscape is changing: today, cyber threats can cripple a business overnight, and new European laws mean the cost of inaction is higher than ever. Here’s what you need to know to keep your SME out of the headlines—and in business.
One class of investment that usually does not contribute directly to an increase in sales is spending on the business’s digital infrastructure and cybersecurity resilience. With cybersecurity especially, SMEs tend to apply the “big sky, small bullet” philosophy, much like naval aviators in the past. They are convinced that they will be lucky and not be attacked at all, and that even if they are, no damage will be inflicted on them.
The Cyber Threat Landscape for SMEs
The truth is far from the “big sky, small bullet” philosophy. Not only are the perceived statistics distorted, as ENISA publications highlight, but the measures that large enterprises take to strengthen their cybersecurity posture push cybercriminals to search for “easier targets”. As a result, malware attacks, phishing scams, data breaches, and ransomware are easy to carry out, and the only thing the cybercriminals have to do is gather good intelligence and set the right price for extortion after a successful attack.
As is the case with all matters relating to security, cybersecurity starts with simple practices:
- Regular Software Updates. Keep all software and operating systems up-to-date with the latest security patches.
- Strong Password Policies. Implement strong, unique passwords for all accounts.
- Employee Training. Educate employees about cybersecurity best practices, including recognizing phishing attempts and social engineering tactics.
- Network Security. Use firewalls, intrusion detection systems, and other network security tools to protect your network.
- Data Backup and Recovery. Regularly back up your data and have a reliable recovery plan in place.
- Incident Response Plan. Develop a comprehensive incident response plan to minimize the impact of a cyberattack.
Unfortunately, as the landscape continues to evolve, these simple practices remain essential but are not enough to protect an SME from evolving threats. In addition, the recently issued NIS2 Directive (EU 2022/2555) expands the scope of the sectors of the economy considered critical for cybersecurity, and its implementing regulation (EU 2024/2690) sets technical and methodological requirements that all entities operating in critical sectors must meet.
Both EU directives are a step in the right direction. However, SMEs that operate in postal and courier services, food production, processing and distribution, and manufacturing are from now on required to meet a series of requirements set by EU 2024/2690. These include, among others, a policy on the security of network and information systems, incident handling, a risk management policy, and business continuity and crisis management. Even large enterprises with numerous IT staff outsource the implementation of a fraction of the requirements to other entities, primarily to Security Operations Centres (SOCs).
The Role of a SOC in Protecting an SME
A Security Operations Center (SOC) has a mission to detect, analyze, and respond to security incidents in real time. This combination of cybersecurity functions allows the SOC team to maintain vigilance over the organization’s networks, systems, and applications and ensures a proactive defense against cyber threats.
Consequently, a SOC can provide key services, some of which are:
- 24/7 threat monitoring
- Incident detection and response
- Vulnerability assessment and management
- Security information and event management
Not many SMEs can meet the EU 2024/2690 requirements on their own, especially those that call for the services a SOC can provide. This is the reason SOC4SME was created: it is an initiative specifically designed to provide SOC services to SMEs.
Conclusion
It turns out that the practice of avoiding investing capital that is not directly connected to an increase in sales cannot be applied anymore. SMEs must adapt to the evolving cybersecurity landscape, primarily to protect their business, their customers, and their revenue, but also because it is required by the implementing laws of the NIS2 Directive.
Visit SOC4SME and learn more about its vision, capabilities, and the value that it can add to an SME.
Contact SOC4SME today to secure your business.
Did you know? (Fun fact)

The term “big sky, small bullet” was coined during the Cold War in the U.S. Navy. Back then, the USN devised a series of methods and tactics that would improve airplanes’ and aviators’ survivability from accidents and battle damage. However, the Navy instructors realized that the aviators were reluctant to adopt the new methods because they believed that the chances of something bad happening to them were slim. Naturally, the methods devised were not as exciting as the high-speed fly-bys close to a destroyer’s superstructure. When the Navy instructors realized that, they made debunking the “big sky, small bullet” philosophy their top priority.

