SMEs make up a large part of the economic landscape in Wallonia, most often organisations with less than 50 employees. These companies often lack the internal skillset and resources to fully understand cyber security risks. They tend to feel uninformed and unprepared, especially regarding European regulations like GDPR and NIS2. Despite their small size, SMEs are often targeted due to their role in the supply chain of larger companies.
Regional Initiatives and Challenges
In response to these challenges, regional initiatives like Cyberwal by Digital Wallonia are welcomed. These initiatives aim to raise awareness and provide better protection for businesses. Cyberwal embodies Wallonia's ambition in cyber security by uniting stakeholders in research, innovation, and training. Additionally, efforts by AKT for Wallonia (UWE) and Agoria play crucial roles in raising awareness and improving collaboration among businesses to enhance cyber resilience and compliance.
Key Challenges for Business Leaders
Challenges include limited financial resources and a shortage of qualified personnel, making compliance with complex regulations difficult. Recent crises have further strained resources, increasing exposure to risks. Guiding leaders to secure their IT assets and ensure business continuity is crucial.
Involving Executives and Raising Employee Awareness
Executives need to not only understand the cyber risks but also integrate cyber security into their overall strategy. This involves developing robust security policies, regular evaluations, and clear communication. Employee awareness should be raised through regular training on basic cyber hygiene, particularly phishing, as it presents a major threat to companies of all sizes.
Defining a Strategy for SMEs
SMEs should follow structured frameworks like "CyberFundamentals" (CyFun) for assessing risks, developing security measures, and training employees. This approach helps SMEs implement effective cyber security strategies without deep technical knowledge.
Ensuring Effective Measures and Key Performance Indicators (KPIs)
Monitoring the implementation of security policies, compliance with standards, and ongoing training is essential. Measuring operational performance, such as incident detection and response times and the effectiveness of security tools, is crucial. Using these KPIs, companies can continuously evaluate and improve their cyber security posture.
SMEs should focus on basic security measures like password management, phishing awareness, and regular backups of critical data.
Three Actionable Tips for Leaders
- Act Quickly: Establish and communicate a solid cyber security plan to avoid significant risks.
- Invest in Training: Regularly train employees on cyber security best practices.
- Build Partnerships: Collaborate with key players in the cyber ecosystem for specialised advice and resources.