Cybersecurity for SMEs.pdf    

Cybersecurity for SMEs [documento eletrónico] : challenges and recommendations / European Union Agency for Cybersecurity


UNIÃO EUROPEIA. Agência Europeia para a Cibersegurança


Heraklion: ENISA, 2021




"The EU is the world’s largest single market area and is the largest economy in the world. Many may attribute that market size to large organizations and multi-national companies. While these are important contributors to the overall EU economy, the Small Medium Enterprise (SME) businesses form the backbone of the EU’s economy. According to the European Commission “Small and medium-sized enterprises (SMEs) are the backbone of the EU's economy. They represent 99% of all businesses in the EU and employ around 100 million people. They also account for more than half of Europe’s GDP and play a key role in adding value in all sectors of the EU economy.” They serve both as enablers for the digital transformation, and as a core element of the EU social fabric. In response to the COVID19 pandemic, ENISA analysed the ability of SMEs within the EU to cope with the cybersecurity challenges posed by the pandemic and determining good practices to address those challenges. This report provides cybersecurity advice, but also proposals for actions that Member States should consider in order to support SMEs improve their cybersecurity posture. The COVID19 crisis showed how important the Internet and computers in general are for SMEs to maintain their business. In order to survive the pandemic and to continue in business many SMEs had to take business continuity measures such as adopting to cloud services, upgrading their internet services, improving their websites, and enabling staff to work remotely. This report highlights how many of the existing cybersecurity challenges were exasperated further by the impact of the COVID19 pandemic and are now more critical to mitigate. Our recommendations outlined in this report to enable SMEs to address these cybersecurity challenges are shaped towards this direction. The recommendations in this report was developed based on extended desktop research. This research was augmented by a two-month-long survey, where 249 European SMEs shared their feedback on their state of digital security and preparedness for crises such as COVID-19, and targeted interviews with selected participants followed. The research identified that the greatest challenges for SMEs are low awareness of the threats posed to their business by poor cybersecurity, the costs of implementing cybersecurity measures often combined with a lack of dedicated budget, the availability of ICT cybersecurity specialists, a lack of suitable guidelines aimed at the SME sector, and low management support. In summary, SMEs within the European Union appear to understand that cybersecurity is an important issue and that they are very reliant on their ICT infrastructure. Of the SMEs surveyed over 80% stated that cybersecurity issues would have serious negative impact on their business within a week of the issues happening, out of 57% saying they would most likely become bankrupt or go out of business. Despite this, SMEs do not seem to appreciate that cybersecurity is not something that impacts only larger organisations. Thus, SMEs need to realise the impact cybersecurity issues can have on their business. Many SMEs believe that cybersecurity controls that are included in the IT products they have purchased will suffice and that no additional security controls are necessary, unless mandated by regulations or Law. Our recommendations towards SMEs are three-fold: - people, - processes and - technical. They include keeping software up to date, applying strict access control rules, making use of cloud services, having a plan for cyber-incidents and many others. For a full list of recommendations, see Chapter 5. The report also includes recommendations for national and European authorities. The report is accompanied by a guide3, providing SMEs with practical 12 high level steps on how to better secure SMEs' systems and their business."


Comunicações Eletrónicas


Comunicações eletrónicasCibersegurançaComputação em nuvemSegurança da informaçãoPequenas-e-Médias-EmpresasTecnologias-da-Informação