Huawei Publishes Q&A Guide with Key Partners to Improve Cybersecurity for SMEs
Economic importance of SMEs
On December 7, 2022, Huawei together with the Global Digital Foundation and EIT Digital published in Brussels a Q&A guide on how small and medium sized enterprises (SMEs) can improve their cybersecurity. This is an important initiative noting the key role that SMEs play in supporting the European economy.
- There are 25 million SMEs in Europe.
- SMEs represent more than 99% of all firms in Europe.
- SMEs employ 100 million people in Europe.
- SMEs contribute to over half of EU GDP.
Recent COVID-19 pandemic confinement restrictions accelerated the need for SMEs to further digitalise their operations and offerings, with the digitalisation of a large share of European SMEs happening very quickly. This growth in digitalisation was unfortunately marked by an increase in cybersecurity attacks. According to the World Economic Forum (WEF), there was an increase of 667% in phishing attacks during the initial months of Covid-19 in 2020. A number of these SME businesses were unprepared for cyber attacks with many employees unaware of to how to mitigate against cyber risk. It is not right to assume that cyber attacks target large companies only. There is clear evidence that the SME sector is being systematically targeted by cyber criminals too.
Key role of SMEs in global supply chains
The cybersecurity of SMEs is critical in securing the supply chain in Europe. The number of supply chain attacks is increasing exponentially. The ENISA (EU Agency for Cybersecurity) Threat Landscape Report 2022 has found that supply chain attacks account for 17% of all attacks in 2022, compared to only 1% in 2021. Many attacks where the networks or the information of customers is compromised relates to a security breach of a supplier.
Higher levels of cybersecurity for SMEs will further protect EU cyber resilience. SMEs serve critical sectors of the European economy by contributing services and products to IT providers or to utility operators.
Key challenges for SMEs in improving cybersecurity
According to an ISC2 Cybersecurity Workforce Study 2021, Europe had a shortfall of over 200,000 cybersecurity specialists. This all leads to an increased responsibility for SME managers and employees in keeping up to date with an ever-changing cybersecurity landscape. The Fortinet Cybersecurity Skills Gap Report 2022 revealed that 80% of organizations have suffered one or more breaches that could be attributed to a lack of cybersecurity skills and/or a lack of cybersecurity awareness in the workplace. According to Verizon’s 2022 Data Breach Investigations Report, 82% of data breaches involve a human element. This demonstrates the lack of cybersecurity awareness from the perspective of some employees and users. The European Cybersecurity Skills Framework was published by ENISA in April 2022. This framework identifies the critical cybersecurity skills-set required for the workplace. It also provides the appropriate tools for HR personnel so as to better understand what is exactly needed to recruit cybersecurity staff.
How does this guide help SMEs to improve cybersecurity?
This guide gives very practical advice in explaining the nature of different cyber attacks. It gives more information to SMEs in how to better understand and react to cyber attacks such as phishing, web based, malware, and DDoS attacks. There is a lot of information already out in the public domain that gives key advice as to how SMEs can mitigate against cyber attacks.
Bodies such ENISA, Europol, the World Economic Forum (WEF), OECD, and ETSI have all produced videos and information leaflets on this important topic. Under the EU Cybersecurity Act (2019), each of the 27 member states of the EU have to set up what is known as a national CSIRT office. The staff working in each of these Computer Security Incident Responce Team (CSIRT) offices are available to give advice to SMEs so as to reduce cybersecurity risks within their respective companies and on how to react if a company actually suffers a cyber attack.
Over 60% of all cybersecurity breaches involve user credentials. This guide gives advice as to the measures that SMEs can take so as to implement a stronger and more comprehensive cybersecurity strategy:
- How to enhance better access control procedures such as improving password management?
- Better manage vulnerabilities within SME product lines.
- Secure data back-up.
- Maintain an incident and disaster recovery plan
- How firewalls can improve cybersecurity for SMEs?
- It is advised that a plan to communicate with stakeholders in the case of a cybersecurity incident is established.
EU financial support programmes for SMEs
On the investment side, the EU has allocated €10 billion for cybersecurity research under the Horizon Europe research, innovation and science programme 2021-2027. Funds are available too from the Digital Europe programme for SMEs to promote higher levels of cybersecurity in Europe. These initiatives afford SMEs more opportunities to expand their footprint in Europe for developing new, innovative cybersecurity related products and services.
Cybersecurity is also a part of InvestEU, a financial instrument that supports stronger cybersecurity value chains in Europe. Under the EU Recovery and Resilience Facility Plans many EU countries are adopting plans that contain a number of additional investments in cybersecurity. A number of new cybersecurity related initiatives in the area of cyber skills will be developed too by the European Commission and by EU member states in the context of the roll-out of activities under the European Year of Skills 2023.
“I look forward to this new EIT Digital, Global Digital Foundation, and Huawei cybersecurity SME guide being launched in different countries across Europe. This guide will be positively received by SMEs and by their respective representative industry groups in Bulgaria. This new initiative can and will serve a very positive purpose for European society and for European businesses alike.”Atidzhe Alivea-Veli, Member of the European Parliament
Disclaimer: Any views and/or opinions expressed in this post by individual authors or contributors are their personal views and/or opinions and do not necessarily reflect the views and/or opinions of Huawei Technologies.