Huawei & Partners Release SME Cybersecurity Guide at MWC Barcelona 2023

In this post, I look at the current state of play of cybersecurity for SMEs in Europe in the context of our new guide, which gives practical measures that SMEs in Europe can take to increase their resilience against cyber attacks. You can download the guide here: Q&A Guide: Promoting Cybersecurity for SMEs in Europe.

EIT Digital, the Global Digital Foundation, and Huawei released a Q&A guide on promoting cybersecurity for small and medium enterprises (SMEs) in Europe at Mobile World Congress (MWC) Barcelona 2023.

The reality is that SMEs are a key foundation in the operation of both the European and global economies. And the statistics speak for themselves:

• Half of Europe’s GDP emanates from the work output of SMEs.
• SMEs employ 100 million people in Europe alone, accounting for 99% of all the firms based in the EU.

But SMEs face many daunting and complex challenges. They are on the receiving end of an ever increasing and exponential level of cyber-attacks that ultimately can have a crippling effect on both their survivability and performance. According to the World Economic Forum (WEF), there was a 667% increase in the number of cyber-attacks during the first months of the COVID pandemic back in 2020.

So, what can SMES do to mitigate cyber risk?

Owners, managers, and employees in SMEs must face up to the reality that cybersecurity is now an ongoing business risk. In response to this new reality, more best practices in the field of cybersecurity must be implemented to safeguard both the operations and assets of SMEs.

A higher level of training of employees is really important to foster a greater understanding of the ever-evolving and sophisticated nature of cyber-attacks. Such attacks can, for example, come in the form of phishing, malware, a breach of web-based infrastructure, or a Distributed Denial of Service (DDoS).

Securing sensitive data and protecting it from theft must be an essential element of cyber skills training. According to Verizon’s 2022 Data Breaches Investigations report, 82% of data breaches are as a direct result of human behavior. In other words, it is human error that allows cybersecurity attacks to succeed in the workplace.

Moreover, the nature of cyber-attacks is changing. In 2021, only 1% of cybersecurity attacks related to supply chains. In 2022, this figure dramatically rose to 17%. Networks and customer information can be directly compromised as a result of a security breach of a supplier. European and global supply chains are only as safe and as resilient as the weakest link within this economic chain.

Your questions answered

The Q&A Guide: Promoting Cybersecurity for SMEs in Europe provides:

• practical advice on how SMEs can better secure password management and enhance access control.
• proposes measures that SMEs can undertake to better secure data back-up and to strengthen firewall installation and maintenance, including an incident and disaster recovery action plan.

ENISA, the European Cybersecurity Agency, is empowered to bring forward initiatives to improve cybersecurity within the 27 member states of the EU. Under the EU Cybersecurity Act 2019, ENISA is charged with better streamlining and structuring how cybersecurity can be improved across the whole of the European Union. In April 2022, ENISA published the “European Cybersecurity Skills Framework” in which it identified the critical cybersecurity skills required for the workplace. It also specifies how HR personnel can better understand what is exactly required to recruit the appropriate and necessary cybersecurity staff.

The lack of cybersecurity skills is a real problem for both the European economy and for society. The Fortinet Cybersecurity Skills Gap report 2022 revealed that either a lack of cybersecurity skills and/or a lack of cybersecurity awareness in the workplace is the cause of cyber-attacks in 80% of organisations that have suffered from an attack.

What help is already out there?

Many other organisations have published videos and comprehensive materials on how SMEs can mitigate cybersecurity risk, and on how SMEs can respond in the case of a cybersecurity attack. Such bodies include the Organisation for Economic Co-operation and Development (OECD), the World Economic Forum (WEF), the European Telecommunications Standards Institute (ETSI) and Europol. Many cybersecurity bodies within individual EU member states have also published excellent materials on how to improve cybersecurity for SMEs.

Under the EU Cybersecurity Act (CSA) 2019, each EU country must set up a cybersecurity office known as a CSIRT (Computer Security and Incident Response Team). SMEs should meet with representatives from the local national CSIRT office to receive advice on the practical measures that SMEs can take to improve cybersecurity performance.

EU: Financial resources for SMEs to take action on cybersecurity

The European Union is operating a number of different initiatives that is financing a host of different measures that can help to improve cybersecurity for SMEs. Such EU backed programmes include Horizon Europe research, an innovation and science instrument, and the Digital Europe cross border infrastructure initiative. The EU has also set up in 2021 a new European Cybersecurity Competence Centre and Network (ECCC) that will be headquartered in Bucharest. One of the primary purposes of the ECCC is to better co-ordinate in an aligned manner cybersecurity actions and initiatives that are being undertaken at both an EU and at a national level.

To get started on your cybersecurity journey or check where you’re, download the Huawei Q&A Guide: Promoting Cybersecurity for SMEs in Europe.

Disclaimer: Any views and/or opinions expressed in this post by individual authors or contributors are their personal views and/or opinions and do not necessarily reflect the views and/or opinions of Huawei Technologies.