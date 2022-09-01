In today's growing digital economy, small and medium enterprises are reaching out to new markets, leveraging the power of the internet. It not only boosts their growth in the market but, on the other side of the picture, makes them vulnerable to cyber-attacks and data breaches. Very naturally, small businesses cannot afford to invest in sophisticated cyber security systems, making their vulnerability even bigger.

Agrim is a digital solutions firm that helps businesses manage their risks and transform their businesses with affordable and effective cyber security solutions. Mr Maninder Pal Singh is the Practice Head - Cyber Security at Agrim. He develops and implements reliable cyber security strategies backed by innovative research and analytical methodologies. In this interview, he shares his views on how modern SMEs can cost-effectively benefit from new-age cyber security measures.

What are the current trends in cyber-attacks? What are the most prevalent cyber attacks today, and how do those attacks impact modern organizations?

In recent years, most cyber attacks have resulted from computer system failures (bugs) or social engineering/ human error. However, since organizations are more connected with one another than ever, supply chain attacks have increased over time. So naturally, when business partners managing their data/network get breached, the companies get impacted in more ways than an average person can think. Hence, even though the system/human malfunctioning is causing the most attacks, supply chain attacks have emerged as a growing risk.

Where are these attacks emanating from? Has the trend changed in view of current geopolitical instability?

The system/human vulnerabilities are attacked/exploited by external attackers. These threat actors may be based out of any country in the world. Unlike most security professionals, they had worked from home even before COVID struck the world. Hiding behind layers of VPNs, firewalls, and other devices, it is hard to trace them and even harder to convict/prosecute. With the change in the current geopolitical situation, more state actors have gotten involved in the process with respective motivations. However, their attack forms are not much different. Even though they have more resources/better tools, the same security best practices/experts can help companies defend against such attackers.

While large organizations have a detailed system to protect themselves, how can small and medium enterprises ensure their security?

That is right. Most large companies have budgets and resources allocated for cyber security. However, Small and Medium Enterprises (SMEs) are often lacking in this area. SMEs should take a risk-based approach to manage their cyber risks. While it may not be possible to track and mitigate all cyber threats, it is always good to be aware of the biggest ones and be able to manage them.

Is it possible to provide robust security coverage across borders or a service like "Security from Anywhere"?

How companies do business is evolving and has significantly changed over the last two years. Like most other teams, security teams can now deliver effective services remotely. Hence, the trend for "Security from Anywhere" is catching up. Verified and trusted security teams can support clients in different parts of the world to help address their significant security risks in a very cost-efficient manner.

Does this model also help address the variability in volume and variety of attacks?

Absolutely! Security skills are in shortage in many parts of the world, and it becomes difficult for companies to scale their internal teams up (or down) quickly based on business requirements. However, with the "Security from Anywhere" model, verified and trusted teams from across the continents can be engaged to address the spike in requirements as and when required.

How do you propose small and medium enterprises can best leverage capabilities that boutique players like yours bring to the table?

The security requirements for small and medium enterprises are significantly different from those of large companies. Instead of addressing all security risks, SMEs need to identify the critical threats applicable to them and use their limited resources to manage the more significant ones. We help our clients do exactly that and also map the controls being implemented to applicable compliance requirements . This helps them address their key risks and compliance requirements in one go saving their time and resources.