Cyberthreats to SMBs in APAC – Part-3: The Cyber-readiness Gap

Published On : 2021-07-18

By Mihir Bagwe, Snr Technical Writer @ CISO Mag

The Cyber-readiness Gap

Here’s a quick recap of what we read in the first two parts of this series. We saw how SMBs have become the mainstay of economies in the APAC region. However, in the second part, we saw the byproducts of this booming sector as the cyberthreat landscape for SMBs continued to surge. But businesses paint a different picture altogether. They feel they are well equipped and prepared to take on the cyber threat “Goliath”. But are they? Let’s see…

Putting in place a dedicated cybersecurity team is just the first of many challenges that an SMB owner faces, but it is a prime one. It begins with educating themselves about the importance of cybersecurity for their business in the first place, then finding the right talent, and then paying extra for the tools and technologies that this talent recommends. This can burn a big hole in the SMB owner’s pocket and is often regarded as a reason why they overlook having cybersecurity personnel on board.

Most of these businesses are either bootstrapped or have limited funding, which does not leave them with much of an option for cybersecurity budgets. Moreover, there is already a “demand and supply” crunch in cybersecurity: it demands three core components (skilled people, process, and technologies), all of which are scarce at the moment. But these components are also the only way SMBs can build a cybersecurity culture in their business.


At a time when the cybersecurity talent pool is most needed, up to 3.5 million cybersecurity jobs will go unfilled this year, according to estimates from Cybersecurity Ventures. The uptake of formal cybersecurity education at the university level has seen a gradual increase over the past few years. But it takes time to educate and train highly skilled professionals, and then a bit more time for them to gain practical work experience. This talent is mainly absorbed by industry heavyweights, and SMBs are often left high and dry with an under-skilled workforce that at times has only theoretical knowledge rather than practical skills.

The solution to this problem
  1. Technology is important, but it is the people who use it. Train them to abide by basic security principles.
  2. Cross-train your employees.
  3. Build a security-first consciousness within your company.


Policies, processes, and procedures help companies to stay in control of their cybersecurity architecture. And although there are various frameworks around the globe like NIST in America and SMESEC in the European Union for SMBs of these respective regions, there does not seem to be any formal cybersecurity framework specifically designed for SMBs in the APAC region. This is the need of the hour and we hope formal bodies are listening to it. In the meantime, what can SMBs in APAC do?

The solution to this problem
  1. Have an acceptable yet comprehensive user policy.
  2. Create a playbook for different security scenarios and for different business modules too.
  3. Conduct a periodic external IT audit.
  4. Keep your employees and management updated on the latest cybersecurity news.


For an SMB owner, cybersecurity can cause technological headaches. The Internet of Things (IoT) is one of the most exciting components of the evolving technology landscape. We are seeing the arrival of tools that can communicate seamlessly with other machines for simplifying the way we live and work. IoT is gradually becoming more ubiquitous and helping especially small businesses grow at a faster pace.

For example, a coffee shop owner who had to pay for the man-hours of a person simply to take orders from customers and serve them has now introduced tablets on the tables. QR codes on tables and restaurant apps have also become the new norm in a society that is more aware of hygiene and social distancing. Tablets and apps offer two key benefits. First, they improve efficiency in the kitchen. The time for taking the order from the customer and conveying it to the kitchen is next to negligible. This helps coffee shops and restaurants serve their customers in less time than before. Secondly, the self-service culture aided by digital technologies means recruiting fewer people to wait on tables, and this can bring in significant cost savings for restaurant owners.

However, one of the most pressing issues with such technologies is the security considerations they come with. As the number of IoT and new-age devices increases, the risk of “rogue” technology is now higher than ever. For this reason, SMBs need to keep fine-tuning their cyber defense technologies, but the lack of people and process capabilities to do this often hampers their technology efforts.

The solution to this problem
  1. Defend against known malware by using a comprehensive antivirus solution.
  2. Endpoint security is of utmost importance, so have it for ALL your endpoints. The cost is equivalent to that of an antivirus solution, so this is a viable investment.
  3. Have a data backup solution.
  4. Use two-factor authentication for all endpoints and systems of your small business. This should include the owner’s as well as employees’ mobile devices and laptops.
  5. Be aware of your cyber and digital risk profile.

In APAC the most commonly used security tools of SMBs include web application firewalls (WAF), cloud access security broker (CASB), and software and application scanners for detecting respective vulnerabilities. The ability to discover digital risks and their impact on business operations remains elusive.

Digital risks include uncovering attack surfaces where hackers can find their way in as well as the continuous monitoring for vulnerabilities that exist in the various technologies which SMBs have implemented. The once-a-year pentest would not be sufficient if businesses want to ensure they are protected 24/7.

Businesses that are not equipped to detect data leaks or breaches will continue to put themselves at risk. The “head in the sand” mindset will not work if they want to take a proactive approach to stem attacks and put a stop to hackers’ pilferage.

As competition heats up on the business front, the need to ensure the brand is not hijacked or negatively impacted is of utmost importance. This means business owners need to be aware of any brand impersonation and infringement. These issues could show up as lookalike domains, fake social media accounts, and more. All of these digital risks can easily translate to a direct business impact if left unattended.

To help SMBs overcome their cybersecurity challenges, CYFIRMA has built a solution that can help businesses build a stronger defense against cyber threats.

Learn more about CYFIRMA’s Digital Risk Discovery platform, DeTCT, here.

