Follow us on Spotify BusinessWorld B-Side

Small and medium enterprises (SMEs) face cyberattack risks due to their less advanced technologies, making them susceptible to breaches.

Many of these businesses are not aware that cyberattacks could have severe consequences, according to a cybersecurity expert.

In this B-Side episode, Daniel Bernard, chief business officer of cybersecurity technology company Crowdstrike, discusses with BusinessWorld reporter Jomel R. Paguian the looming threat of cyberattacks against SMEs and explores strategies to combat them.

In today’s digital economy, all businesses, regardless of size, are essentially “technology businesses,” said Mr. Bernard. This universal connection to technology exposes them to potential data breaches and cyberattacks, posing risks to both business reputation and consumer data security.

He pointed out the incentives for hackers to target SMEs in the Philippines — money and data.

He said that aside from ransom money, data that can be obtained from hacking is the primary objective of cybercrime. “Payment is one part of it, but it’s really the power of the data exfiltration and what you can do along the whole supply chain of that small and medium business.” 

According to Mr. Bernard, the aftermath of a data breach goes beyond monetary losses. Personal identifiable information of consumers obtained in such incidents can severely damage a company’s reputation, making data security a societal concern. “Because reputationally, the damage is too high, as well as the sensitivity of the data.”

Data breaches can also halt the operations of some businesses, he said, citing small and medium businesses in the manufacturing or services markets. “If they lost all their customer information, it’s kind of like day one all over again in the business.”

“It very well can be a company-ending event. If you don’t have cyber insurance, or you don’t have the ability to remediate an attack.”

Mr. Bernard noted that three out of four small and medium businesses are likely to experience a cyber incident. He attributed this vulnerability to a lack of security features in many of these businesses.

“In the small and medium business segment, you’ll find a good amount of businesses that don’t even have any cybersecurity at all. So those are the ones that are the easiest for adversaries to play with and to gain access to.”

He explained that hackers now use more advanced mechanisms such as employing artificial intelligence (AI), creating a significant gap in defense capabilities compared to traditional security measures like signature antivirus. “It’s a new area that we’re calling in our research ‘dark AI,’ where the adversary is using AI, but the defender is still using some kind of signature antivirus and just can’t keep up.”

“So this is a great example of where you need a better defense than the offense to actually stay protected.”