How Important Is It For MSMEs To Strengthen Their Cybersecurity Framework

The ordeals of the last 24 months have thrown normalcy out of gear, both in the social and economic context. In a closely contested marketplace, pandemic-induced disruptions have set the imperative of embracing technology as a strategic business enabler. Today companies are locked in a tricky balancing act to transform at velocity and intuitively plug digital vulnerabilities. Amidst such circumstances, how is the Indian MSME sector constituting the backbone of the country's $3.23 trillion economies faring in defending its core institutional interests against an evolving cyber threatscape?

Indian MSMEs in the crosshairs

Recent observations by CERT-In paint a disturbing yet introspective picture. It reveals a dramatic spike in cyberattacks in India within the first six months of 2021. Further, in its recent study, Cisco found that over the past 12 months, such incidents have impacted at least 74% of the local MSMEs, inflicting a loss of over ₹3.5 crores on average. Apparently, the myth that small and mid-market entities are too obscure to be targeted profitably is eroding fast, and businesses, irrespective of size, must prioritize robust cybersecurity frameworks to ensure the resilience of their applications, data, and infrastructure. 

Nevertheless, in the wake of the COVID-19 situation, the hasty bet of the MSMEs on digitalizing their back-office operations and business ends, coupled with a disproportionate focus on customer experience delivery and business continuity aspects, have created a perfect storm. As endpoints proliferate and Cyber Defense momentarily occupies a backseat in a typical MSME CSO's agenda, malicious actors have a field day. Indeed, the pace of technology adoption in the sector has not been matched by adequate cybersecurity investments to attain a critical mass and intended maturity levels. For instance, the Cisco report cited above, assessed that for 34% of businesses in India, detecting a security breach takes more than an hour, one of the highest in the APAC region. 

Multifaceted risks with far-reaching implications

Such inadequacies have laid bare the Indian MSME vertical, constituting the supply chain building blocks for larger enterprises to a broad spectrum of cyber intrusions. It includes malware and ransomware attacks, trojan infection, phishing, business email spoofing, spyware injections, and much more. Undoubtedly, while it jeopardizes the entire Digital Culture of the company encompassing user access, data governance, disaster recovery, infrastructure management, and service availability, for an unprepared/underprepared MSME, implications can be much more catastrophic, leading to the irreversible loss of a key business currency: stakeholder trust. 

Cybersecurity as a strategic imperative 

Today, Indian mid-market entities increasingly harbour global aspirations. In the international business arena, they are expected to abide by regulations like GDPR, PIPEDA, and LPGD, while there is already a Personal Data Protection Bill on the anvil at home. So, data breaches and unplanned service outages can trigger cascading regulatory impacts, posing substantial reputational, financial, and compliance risks for companies. 

Indian MSMEs, especially those across Tier I & II cities of the subcontinent, often operate on a moderate budget. Yet, it will not be advisable to discount a robust cybersecurity framework from their survival and continuity roadmap. It should imbibe nuances of confidential data management, multi-layered defence, and inculcation of an informed corporate cyberculture blanketed by adequate cyber insurance cover to indemnify financial losses to intrusion. Further, using only authenticated infrastructure components and applications, role-based access control (RBAC), SASE, and periodic cyber audit can go a long way in shielding an MSME against intrusions like Supply Chain attacks and help adopt a Never Trust, Always Verify approach to cybersecurity. 

The issue of cybersecurity cannot be left to chance, and more so for an MSME that may find it harder to emerge from an incident, compared to its Big Market peers. The success of an MSME's cybersecurity framework should be gauged by the acute understanding of its business cases, vulnerabilities, their downstream impacts, and how efficiently it can bring such awareness to select the right solutions and orchestrate its operational processes to secure the optimum return on investment.