SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Cybercriminals exploiting SMEs as remote working continues
Tue, 12th Oct 2021
FYI, this story is more than a year old

Remote working is leading to increased cyber security risks for small to medium sized enterprises, according to new research from ServerChoice.

The research, conducted with 1000 business leaders at SMEs, found that changes in working patterns are resulting in infrastructure being left unmonitored and business data being rendered more vulnerable to exploitation.

Lockdowns and the pandemic have induced new working patterns, meaning that many technical staff at SMEs are now based remotely. As a result, 77% of SMEs see remote working as an increased risk to their business.

According to ServerChoice, the cause behind this heightened risk is due to a lack of access to business infrastructure.

The research discovered that two-thirds of SMEs (66%) now find it harder to monitor their infrastructure, while 25% have opted to leave infrastructure unmonitored altogether, posing a large risk if they should fall victim to a cyber-attack in future.

It is clear that while remote working is convenient for many, the increased distance between technical staff and their infrastructure, and the subsequent delay time in maintenance and disaster response, presents an ideal opportunity for cybercriminals to exploit vulnerabilities.

The report also found that some industries are more at risk than others.

The essential services that the education, healthcare, and financial industries provide mean that businesses in these industries are regular targets of cybercriminals as their data is vital for day-to-day operations. In retail, many SME vendors are still adapting to the increase in online transactions brought about by the pandemic, making them more susceptible to breaches of security too.

As a result, these industries need to ensure their infrastructure is regularly monitored and maintained, to avoid being compromised by malicious actors. However, despite the pressure these industries are under, ServerChoices research reveals many SME leaders in different sectors are still leaving infrastructure unmonitored.

The findings show:

  • The healthcare industry has been impacted most by remote working, with 89 percent of healthcare leaders stating that remote working has added extra risk for their infrastructure
  • Manufacturing has been the least impacted, with 29 percent of leaders saying that there has been no effect on infrastructure risk as a result of remote working
  • Despite believing that there is an increased risk brought on by flexible working practices, 1 in 5 retail and education SMEs still leave their infrastructure unmonitored. 16 percent of healthcare businesses and 18 percent of financial services businesses also do the same

"Although it may not appear on a balance sheet, data is one of the most valuable assets for any business," says Adam Bradshaw, commercial director at ServerChoice.

"Offices and laptops can be replaced, but a company's proprietary data cannot,"  he says.

"Our research has found that remote working is exposing SMEs to additional risk of compromise and some businesses are being forced to leave infrastructure unmonitored. This is a big risk. It could lead to data breaches that expose sensitive data or even leave systems open to encryption and ransomware attacks."

Bradshaw says it is imperative that SMEs treat their data and IT infrastructure like any other asset and properly secure it.

"If SMEs are unable to secure their infrastructure due to remote working or a lack of expertise, they must find a custodian who can do it on their behalf, or run the risk of having their data comprised in the future."