How the digitization of SMEs affects security

Digitization is spreading far and wide in all sectors of our society in an unstoppable way. This process through which more and more sectors and productive activities carry out all their processes electronically has been accelerated even more as a result of the pandemic. However, if there was a sector that still resisted this process, it was that of SMEs.

Indeed, small Spanish companies have often been left out of this digitization process for different reasons. Among these, it should be noted the lack of qualified and trained personnel to undertake this digitization in their environments, the lack of business culture on many occasions and almost always the absence of economic resources to undertake it. The Government has recently launched an initiative whose objectives are precisely to help the digitalization of these companies and from multiple sectors SMEs are constantly encouraged to undertake this process. The advantages that digitization can bring to our small businesses are clear (cost savings, greater competitiveness, access to new markets… to mention just a few).

In the case of SMEs, one of the biggest challenges to face in the face of their digitization is that of the security of computer resources

Still, all that glitters is not gold. We have already seen the frictions that a perhaps excessive or poorly designed digitization process produces in society in environments such as banking as a result of the movement: “I am older, not an idiot”. In the case of SMEs, probably one of the biggest challenges to face in the face of their digitization is that of the security of computer resources. We are talking about a sector in which the appropriate professional profiles are usually lacking to implement and maintain an IT security strategy. Additionally, the economic capacity to face investments in security solutions is usually limited. The sum of both factors gives rise to a kind of perfect storm in which the digital kit initiative could be creating the perfect breeding ground for cyber criminals to prey on these recently digitized SMEs that do not have the knowledge or with adequate means of defense. It is true that within the programs of the Digital Kit there is an item for cybersecurity… however, this item is constituted as a one-time investment, giving the impression to SMEs that it is possible to establish an adequate level of cybersecurity simply with an investment punctual in time in certain protection measures.

Cybersecurity must be seen as a continuous process, since the timely acquisition of a tool will never, by itself, ensure adequate protection against all possible attack vectors over time.

Beyond distributing funds for specific acquisitions of cybersecurity tools, the Digital Kit should probably have focused on ensuring that SMEs have the appropriate knowledge and business culture necessary to establish a continuous cybersecurity process that allows reaching a level of IT security reasonable in these environments and maintain it, update it, evolve it… otherwise we run the risk that an apparently interesting initiative such as the Digital Kit ends up becoming an excuse for a distribution of funds and medals that ends up having a very questionable impact on the digitization of the SME sector and probably very negative from the point of view of its cybersecurity (and therefore, that of the whole of society, let us not forget that SMEs account for around 97% of our companies).

Indeed, the aid of the digital kit for investment in cybersecurity products facilitates access to certain security tools for SMEs, but if there is no business culture and adequate knowledge within organizations, what will happen is that this specific investment will most likely It will create a false sense of security. Many SMEs may think that with the investment that the digital cybersecurity kit allows them, they are already protected, ignoring that cybersecurity goes far beyond the occasional purchase of licenses… Without a corporate culture in cybersecurity or sufficient technical profiles available to join SMEs, the investment in the Digital Kit may even have a negative impact on the real cybersecurity level of our SMEs in the medium and long term.

By Miguel Lopez; Country Manager – Barracuda Iberia