Cybersecurity

Helping small businesses fight cybercrime benefits the global ecosystem

An SMS message sent by SingHealth to clients affected by a cyberattack is seen on a mobile phone in Singapore July 23, 2018.

Cyber criminals don't just go for the big firms – often the entry route is through smaller companies who make up their supply chains. Image: Reuters/Thomas White

Amy Jordan
Lead, Cybersecurity Delivery, World Economic Forum Geneva
Andy Bates
Executive Director, Global Cyber Alliance
Share:
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:

Cybercrime

Small businesses are the lifeblood of the global economy. They provide all manner of essential services – to individuals, to government, to larger organizations and to each other. For small businesses, when it comes to cybercrime the risks are great. The statistics show that 58% of cybercrime targets small businesses, with the global cost of cybercrime standing at $600 billion in 2018.

These figures may appear surprising, largely due to the fact that most media coverage of cyberattacks focuses on large businesses, which impact high numbers of customers. What many people don’t know, however, is that small businesses are often the easy way into larger enterprises. Attackers will, for example, gain access to the credentials of a small business in the supply chain of a large enterprise as a pathway into the larger company, and the breach will often go unnoticed until after the attack has been carried out.

Have you read?

Whether it is the primary target of an attack or a route into a larger organization, a small business can be crippled by a cyberattack. In the UK, it is estimated that the average direct cost of a breach for a small business is £25,700, while indirect costs, such as reputational damage, could be significantly greater. Recovery from an attack is difficult at best; at worst, it could mean shutting up shop. Ignoring cyber risk is not an option. Prevention is by far the best course of action.

But where to start? There is a huge amount of advice available about what to do, but it is often confusing and sometimes contradictory. The vast majority of small businesses lack the technical knowledge needed to prevent cyberattacks and do not have the financial resources to invest in enterprise-level security. Small business owners may wonder, “Why would anyone want to attack me?” or they may prefer to focus on generating revenue. But the truth is, not only do small businesses hold valuable information themselves but they can also act as a stepping stone into larger organizations that the hackers may ultimately be targeting.

Using the right tools

The GCA Cybersecurity Toolkit for Small Business enables smaller firms to navigate the confusing array of advice free of charge, to help them shore up their cyber defences and reduce their cyber risk.

The toolkit incorporates guidance from some of the world’s leading cybersecurity organizations, including the Center for Internet Security (CIS) Controls, the UK’s National Cyber Security Centre Cyber Essentials, and the Australian Cyber Security Centre’s Mitigation Strategies, in particular on how to:

• conduct inventories of devices and applications to ensure small business owners can more readily act to protect them;

• ensure that security settings of devices are effectively updated in order to identify any issues automatically;

• ensure that accounts are protected by strong passwords and two-factor authentication;

• access a range of tools that can be used to prevent common attacks and ensure devices are backed up in the event an attack does occur;

• protect company brand and ensure emails and websites are not being used fraudulently or for malicious purposes; and

• implement policies and recommendations for training employees to understand how to identify and avoid phishing emails.

Image: Wombat Security, 2018 State of the Phish Report

For example, there are specific toolkits on the following:

Prevent Phishing and Viruses – where tools included seek to help prevent these types of attacks, such as domain name system (DNS) security tools, which help prevent you getting to infected websites, and anti-virus software to help prevent viruses and other malicious software getting into your systems;

Defend Against Ransomware – tools are provided to assist businesses in setting backups for systems and data to ensure smooth recovery from attacks;

Protect Your Brand – this toolbox provides some easy-to-use tools that help protect company email domains from being used to carry out cyberattacks, as well as trademark monitoring tools to give visibility to how your brand might be being misused.

If implemented in full, the measures in the toolkit could have a significant impact on reducing cybercrime. The CIS Controls, for example, can provide effective defence against the most common cyberattacks (comprising some 85% of attacks). Providing small businesses with tools to protect themselves from ever-evolving cyber risks not only strengthens their individual businesses but also supports the health of the entire commercial ecosystem, including governments and larger companies.

The World Economic Forum and the Global Cyber Alliance will continue to work closely together on this initiative and others that can help fight cybercrime on a global scale.

Click here for more information about the toolkit.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Share:
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

Tinder Swindler: How 'romance fraud' became a multi-billion dollar cybercrime

Robin Pomeroy and Sophia Akram

May 24, 2024

About Us

Events

Media

Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum