Phishing, ransomware, and other scams have certainly concentrated the mind somewhat, and these attacks are most definitely not confined to the large enterprise businesses, but have been attacking, with a lot of success, the small to medium business market. The current Log4j flaw has highlighted just how much computer code is used from open sources and developed with less rigour than that from established software houses. It also emphasises just how much of that code is embedded in apps and systems in use in business today.
Of course Cyber Security professionals and companies are forever playing catch up to the bad guys, and now, with nation states very much getting themselves involved, it’s becoming a battle that is increasingly hard to get ahead of, let alone win. You might ask, what has a nation state got to do with us SMEs, surely they are focused on a much higher plain. Well, yes and no. Obviously they want to disrupt business on a national level, so how much better to do it than to upset the SME market. Remember that according to the DTI, SMEs make up nearly 95% of the UK GDP. SMEs are very much involved in the supply chain for the bigger businesses and offer quite a decent ‘attack vector’ for a criminal or nation state attack.
So is 2021 the year that business woke up to the fact that cyber security has become everyones problem? I would argue that it has been everyones problem for a long time now but whilst the big enterprise organisations see cyber security as a business issue and not an IT issue, SMEs have still not fully woken up to that reality.