
Updating your main database: your brain

January 29 2020

Cybercrime: a real problem for SMEs

Cybercrime in small and medium enterprises (SMEs) is a concern that affects more and more businesses. In this context, networks play a very important role. As networks become more complex and the adoption of technology accelerates, organisations' digital estates become noisier and harder to protect. European SMEs, moreover, rely increasingly on their information systems and networks to provide services to customers and meet their business objectives.

Data breaches at large companies make headlines daily, but the reality is that more than half of cybercrimes target small and medium enterprises. But why are SMEs big targets for cyber attackers?

  1. Easier targets. 65% of SMEs have no data security policy.
  2. Low risk, high returns. Only 10% of cybercrimes reported to police by SMEs result in a conviction.
  3. Outdated security. Attackers bypassed multiple layers of security in 96% of SME deployments in a real-world study.
  4. Little awareness. 58% of SME managers do not see cyber attacks as a significant risk.

As a result, SMEs face security challenges that can be summarised as follows:

  1. Lack of awareness. 69% of European companies have either no or only a basic understanding of their exposure to cyber risk.
  2. Lack of resources. In proportion to their size and income, the investments can be as much as double compared to the investments of larger organizations. Furthermore, users and administrators at SMEs manage infrastructure environments that are often as essential and complex as those found in larger enterprises. And yet, these smaller organizations must operate with limited budgets and fewer engineers and administrators. In this situation, SMEs need monitoring tools that give them end-to-end network visibility.
  3. Lack of skills and expertise, and also lack of training. More than 35% of all unfilled vacancies in the ICT sector are those of cybersecurity specialists.
  4. Under-reporting of cyber incidents. Cyber risk could be handled much more easily if early warnings reached companies on time.
  5. Lack of trust. This is the main inhibitor of cross-sector and cross-border collaboration for SMEs. Intense competition and mistrust of rivals often prevent information exchange and cooperation among different stakeholders. Because of their particular vulnerability, SMEs tend to show a high level of mistrust.

To address these SME challenges, an innovative and fresh EU-funded project under Horizon 2020 has been designed: FORTIKA. FORTIKA aims to minimize the exposure of small and medium-sized businesses to cybersecurity risks and threats; it is about cybersecurity inclusion for small enterprises. It gives those SMEs access to security services through modules in a single Marketplace. The key to successfully organizing and prioritizing network operations and response is to align them with business needs. SMEs need low-cost, easy-to-use tools that can not only protect against cyberattacks but also provide insight into applications, servers, storage, and more. To support this, FORTIKA provides a solution for a better understanding of network and application performance, end-user experience and availability of critical services through different bundles.

Among its different modules is the RTNTA bundle provided by ENEO. The RTNTA is responsible for analysing the traffic of the SME network (connected to the FORTIKA gateway) within the FORTIKA ecosystem, and it provides information in the form of NetFlow records to other modules (e.g. Visual Analytics modules, SIEMs) in order to analyse the security status of the network, measure the level of service consumption or verify the level of digital trust. An example of its use can be seen in the following images.

RTNTA Traffic classification by applications

Here we can see what the FORTIKA Gateway traffic visualization looks like using the RTNTA module. All traffic is shown and can be broken down by different display parameters: by LAN IP, by WAN IP, by application, Top Talkers, bandwidth usage, etc. Together with the Visual Analyzer and other traffic information modules, RTNTA will combine metadata storage for real-time analysis with raw storage working on aggregated data. Such a combination of traffic information provides the basis for detecting a wide range of attacks in the cybersecurity area (from the detection of DDoS attacks based on anomalies in traffic patterns to ARP spoofing detection).
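
The kind of analysis described above can be sketched over flow records as follows. This is an added example, not code from FORTIKA or RTNTA: the record layout, the thresholds and all sample flows are constructed assumptions. It computes top talkers and flags a destination whose traffic volume and number of distinct sources jump far above the recent baseline, which is the traffic-pattern anomaly a volumetric DDoS produces.

```python
from collections import defaultdict
from statistics import median

# Constructed NetFlow-like records: (window, src_ip, dst_ip, application, bytes).
# The layout and values are assumptions for this example, not RTNTA's schema.
def build_flows():
    flows = []
    for w in range(6):  # six one-minute windows of ordinary traffic
        flows += [(w, "192.168.1.10", "203.0.113.5", "https", 40_000 + 1_000 * w),
                  (w, "192.168.1.11", "203.0.113.5", "https", 25_000),
                  (w, "192.168.1.12", "198.51.100.7", "dns", 2_000)]
    # Window 6: many external sources converge on one LAN host (constructed flood)
    flows += [(6, f"198.51.100.{i}", "192.168.1.10", "udp", 90_000) for i in range(20, 60)]
    flows += [(6, "192.168.1.11", "203.0.113.5", "https", 25_000)]
    return flows

def top_talkers(flows, n=3):
    """Total bytes per source IP, largest first (ties broken by address)."""
    totals = defaultdict(int)
    for _, src, _, _, nbytes in flows:
        totals[src] += nbytes
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

def volumetric_anomalies(flows, factor=5.0, min_sources=10):
    """Flag (window, dst, bytes, sources) where bytes exceed factor x the median
    of earlier windows' busiest destination and many distinct sources take part."""
    per = defaultdict(lambda: [0, set()])
    for w, src, dst, _, nbytes in flows:
        per[(w, dst)][0] += nbytes
        per[(w, dst)][1].add(src)
    alerts, history = [], []
    for w in sorted({k[0] for k in per}):
        window = {d: v for (ww, d), v in per.items() if ww == w}
        if len(history) >= 3:  # need a few windows before a baseline is meaningful
            baseline = median(history)
            for dst, (nbytes, srcs) in sorted(window.items()):
                if nbytes > factor * baseline and len(srcs) >= min_sources:
                    alerts.append((w, dst, nbytes, len(srcs)))
        history.append(max(v[0] for v in window.values()))
    return alerts

if __name__ == "__main__":
    print(top_talkers(build_flows()))
    print(volumetric_anomalies(build_flows()))
```

Requiring both a volume jump and a high source count keeps a single large backup or download from raising the alert.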

Many SMEs are only beginning to realize how attractive they are to cybercriminals. On the other hand, these businesses are expected to perform at consistent quality. If an organization is not prepared for a security incident, it will probably not handle the situation appropriately. That is why businesses need a solution to detect and see what is happening in their network traffic if they wish to respond before they suffer financial consequences.

 
