Cybersecurity Information security for SMEs: available option or uphill battle? October 1, 2024, 12:39 PM Alamy SearchInform analysts work with the client to configure a protective system and then monitor it on a daily basis In association with by Lev Matveev, chairman of board of directors at SearchInform If you search for “data leaks” online in the UAE one of the first results will be a column named Top 10 Cybersecurity Breaches in the United Arab Emirates. This is an interesting but alarming report containing a round-up of infamous incidents and revealing that the risks of data leaks are real and actual, and that their consequences are severe. Today all businesses have something to lose. They keep customer databases, financial reports, employees’ personal details, technical data and much more. Such data loss or any misuse can lead to critical consequences, ranging from large financial and reputational damage to legal claims or even bankruptcy. That is why more and more businesses strive to ensure their data is protected. However, not all of them succeed. In this column I will reveal the factors that constrain efficient data protection and whether there is a solution to the problem. Protection and solutions Ensuring protection against data leaks and corporate fraud is difficult and expensive. It is not like antivirus or firewall protection that you can simply deploy and then forget about. This is because data leaks and complicated fraud schemes don’t happen in seconds; they require preliminary preparations including data analysis and investigation. This means protection against them must be permanently administered by an information security (IS) officer. Here we come across the first difficulty: the necessity to hire an IS officer who will work with the protective software. Many organisations cannot afford to hire such a specialist – and there’s another even more serious issue – the severe lack of experienced IS experts on the market. The UAE alone lacks more than 30,000 such specialists, according to research by ISC2, the cybersecurity professionals members’ association. This issue is especially relevant for small and medium-sized businesses (SMEs). The task of hiring such an expert is a difficult one, both in terms of finance and HR. It is extremely expensive to maintain the systems that protect against data leaks and corporate fraud. Large corporations can usually easily afford to buy the software and the hardware, but SMEs – and also many governmental bodies – often lack the required budget. From a human resources perspective, skilled and experienced IS professionals tend to choose sustainable large corporations, where they can deal with a wide range of practical tasks. All in all, SMEs cannot compete with large corporations for IS experts, and as a result they remain unprotected. But remaining unprotected can lead to financial and reputational losses – as well as fines imposed by regulators. So what can be done in these circumstances? Lev Matveev, chairman of board of directors at SearchInform, which has more than 4,000 clients in sectors ranging from banking and retail to media and manufacturing Once upon a time taxis were the prerogative of wealthy people only. However, with the development of services such as Uber, taxis gradually became more available and now they are across the globe and many more people can afford to use them. “Market Uberization” – the process of shifting from goods to services, with customers preferring the flexibility of using products when needed instead of owning things – breaks new grounds. This trend has also influenced the information security sphere, embodied in the form of “managed security services” (MSS). How managed security services works MSS involves outsourcing information security management. Customers pay a monthly subscription to rent the protective software and hardware, which is managed by a dedicated IS analyst. MSS is the response to the market request, enabling businesses to overcome challenges and making security more available. At SearchInform, for example, dedicated analysts are there to ensure protection against a wide range of internal threats such as data leaks and corporate fraud, including document forgery, kickbacks and moonlighting; providing regulatory compliance and controlling employee productivity. To set things up a SearchInform analyst will work with the customer to configure a protective system according to their requirements and tasks. Once the software is configured the IS analyst will monitor the system on a daily basis to prevent any incidents and will immediately contact the customer in the case of any violations. The customer will also regularly receive detailed security reports to ensure there is total transparency. Therefore with no need to purchase individual software licences and hardware, and at zero human resources costs, the customer gets complex business protection. More than security MSS is not limited to preventing data leaks. Professional IS analysts can help to solve a wide range of adjacent tasks such as monitoring employee work processes, detecting cases of employee idleness or those working extra hours, exposing cases of spreading negativity in the team and detecting and preventing document forgery and file deletion and much more. Outsourcing internal information security tasks is most useful for C-level employees, IT and IS specialists and HR managers. They can set additional tasks in the system, including even the most complicated atypical ones that at first glance may seem unrelated to information security. To remain one step ahead it is important to be aware of the existing issues in a timely manner – and SearchInform analysts can help. If an employee is planning to resign, for example, the analyst can quickly reconfigure access rights to exclude any possibility of confidential data being stolen. HR specialists within the business will also need to either try to retain the employee or find a substitution in advance, which the analyst will help with. The MSS service can also prevent significant financial losses caused by an employee’s fraudulent actions. For example, an insurance company with a remote branch with 10 employees had remained unprofitable for a while. It chose to sign up to SearchInform’s MSS service and the analysts discovered that one employee had been issuing insurances retroactively – his acquaintances, who needed insurance to cover their expenditures, paid the exact amount to him, who then forged documents and issued the insurances. The company had lost more than AED50,000 ($13,600) a year due to one malicious employee’s actions. Accessible and cost-effective MSS makes information security more accessible to all businesses, allowing them to avoid spending large amounts of money on protective software licences and hardware. Businesses who sign up to MSS will get protection within a few days, while buying their own in-house protection software and hiring an IS officer can take up to a few months. In addition to data protection, MSS information security analysts also ensure complex protection against internal threats including productivity issues, theft, corporate fraud and malicious behaviour, thus enhancing the efficiency of business processes. Contact SearchInform SearchInform offers a free 30-day trial, during which it will audit your business protection and reveal any weaknesses. Sign up for the free trial today.