SMEs appear to be easy prey for cybercriminals. Research by ABN Amro shows that three-quarters of companies have to deal with this form of crime, which is 30 percent more than in the previous measurement a year ago. The rapid growth in the number of victims in particular is ‘quite shocking’, says Julia Krauwer, Sector Banker Technology, Media & Telecom at the bank. ‘Especially with companies with a turnover of up to ten million euros, those are the smaller parties.’
Krauwer sees several reasons for the increase. ‘Digitization in companies has moved very quickly since the corona crisis, so fast that the attention to digital security was substandard. And you see that cybercriminals are becoming more and more professional and more devious.’ For example, there are organizations that scan the web for vulnerabilities and then resell that list of vulnerabilities. “Access to third-party systems is quite easy to obtain.”
Long tail
According to Krauwer, SMEs are not aware of the risks they run. ‘The percentage that sees cyber attacks as a high to very high risk for their own company has not increased significantly.’ The fact that the media pays particular attention to attacks on major parties may also contribute to this. “While you don’t hear the longtail with small casualties.”
Krauwer believes that companies should get rid of the idea that ‘this will not happen to me’. ‘Cybercriminals are pragmatic and look where the vulnerabilities are. And you can attack an entire chain via a vulnerability.’
‘Deepfakes are difficult to estimate, companies should take that into account’
That does not mean that large companies have cyber security in order. The survey shows that 64 percent of large companies see cybercrime as a substantial risk to their own business operations. This is reflected in the measures taken, such as firewalls, antivirus programs and employee education. ‘Many cyber attacks start with an inattentive moment on the part of an employee, such as clicking on a phishing e-mail,’ says Krauwer.
Deepfakes
According to the researcher, there is increasing innovation in the cybercrime industry. “Remember, for example, a full conversation with a cloned voice of someone you trust? Deepfakes are difficult to estimate, companies have to take that into account.’
New European legislation will come into effect in the course of 2024. This NIS2 law obliges companies to critically question their suppliers in the field of cyber security. ‘If you fail that test, you run the risk of not being able to do business. It’s tough business.’
