In today’s fast-paced digital world, SMEs are increasingly becoming prime targets for cybercriminals. Cybersecurity is no longer just a technical issue—it’s a business imperative. Learn how to safeguard your digital assets, navigate the evolving threat landscape, and build resilience against potential cyberattacks.
[00:00:10] Prioritizing cybersecurity is imperative for small businesses to safeguard their operations and reputation.
[00:00:16] A successful ransomware attack can result in significant consequences such as financial losses, service disruptions and harm to the brand image.
[00:00:27] Rebuilding customer trust or security breach is challenging and may result in the loss of potential clients.
[00:00:35] We have with us Sameer Mathur, Managing Partner SM Consultant.
[00:00:40] Sameer Mathur has more than three decades of experience in similar work functions.
[00:00:45] Welcome to the Do Big Podcast, Sameer, and I look forward to an interesting conversation with you on cybersecurity.
[00:00:53] Yeah, Shital, thanks for that introduction.
[00:00:56] Yes, cybersecurity is an area of concern amongst all the MSMEs and they understand especially in the last two, three years when the usage of internet has gone up and the usage of online tools like recording tools and also business applications has gone up.
[00:01:15] So, I think that the issue of cybersecurity is a big area of concern for most of the MSMEs.
[00:01:22] The issue today is that the understanding of the threat perception is there, but due to various reasons which we will discuss in subsequent, the actual implementation or actionable insights are very few.
[00:01:38] So, I think that's a big challenge that SMEs are facing and we as advocacy champions for this, it's our prime job to inform SMEs of the kind of potential threat like you mentioned about ransomware.
[00:01:53] Ransomware is one of the issues which gets highlighted in the media so people are worried about ransomware, but there are 10 other issues which could happen.
[00:02:00] So, I think it's a very interesting topic and it is a topic which needs immediate concern of the SME owners.
[00:02:08] But yes, there is a concern area, but also quite often ignored area.
[00:02:14] So, Samir, typically in your experience and you've worked with so many organizations, can you tell us the kind of threats that SMEs have faced?
[00:02:22] So, you know, if you could prioritize the threats that will be great, but if you could at least talk to us about the kind of threats they are facing.
[00:02:30] The kind of threats they are facing are like I said many in number, but the issue is that most of the threats that are coming, these are concepts which are not very clear to MSMEs.
[00:02:42] That's why, like I mentioned that the actionable insights are actionable, actions are not there, which means that the threat is not clear to them.
[00:02:51] For example, in terms of loss of privacy, in terms of loss of data, in terms of loss of valuable asset, which could be a data asset, it could be other assets also.
[00:03:02] So, what will a hacker do to us in terms of if the hacker is actually able to get into the network?
[00:03:10] We have had experience of large SME manufacturing company owners telling us that how does it matter if a hacker gets into our network?
[00:03:20] What can they take? If they can take our data, it doesn't matter to us.
[00:03:23] So, I think that's where lies the problem. Actual potential loss of data is something that is not clear to most of the SME owners.
[00:03:34] Now, why I am mentioning SME owners is that most of the SMEs do not have a very mature IT security teams.
[00:03:41] So, most of the SMEs are still struggling with their, let's say, ERP implementation or CRM implementation and security kind of takes a backseat because it is something that is not visible.
[00:03:53] It doesn't actually hamper your daily operations and that's why it is often ignored and that is something that we need to work on.
[00:04:01] Okay. So, just out of curiosity, Samir, can you list some of the cybersecurity issues that SMEs face?
[00:04:08] So, like we talked about ransomware, what are the others that they fix?
[00:04:13] So, there is hacking going on. There is bot-based ransomware where without clicking any link, one can get into it.
[00:04:23] There are user account-based hacking happening. There is identity theft that's happening.
[00:04:29] Today, users are actually, the hackers are gaining entry into your system and sitting in the system for months together just trying to gauge the user behavior and just trying to reach the most potential or the most dangerous victim that they can get hold of.
[00:04:51] So, it could be the user's laptop. It could be the user's laptop. It could be the MD's laptop. It could be the CFO's laptop.
[00:05:21] So, the average time to find this hacker or just to find not solve the problem is about 180 days, which means for six months, somebody is sitting in your network and reading your data usage and understanding your user behavior before the user comes to know that there is something wrong with my network.
[00:05:42] So, imagine somebody sitting in your home for six months, understanding that what time people go out, what time people go in, what time they are kind of resting and what is the most vulnerable time for me to attack them.
[00:05:56] I mean, they have all data with them.
[00:05:59] So, what happens is that they have all data?
[00:06:00] And would this typically happen like they would come in through email? How typically a hacker enter a system?
[00:06:08] So, yes, most of the attacks are happening through email or some kind of endpoints, right?
[00:06:14] So, endpoints, of course, and email is one of the applications because it is widely used and one tends to log into email from wherever in the country you are in.
[00:06:24] And obviously, there are unsecure networks because I'm traveling to a remote area where the network is not so secure.
[00:06:31] I might try to log in from a network of somebody else's office I am there, which may not be secure.
[00:06:38] I mean, you go to cyber cafes, why should we talk of remote locations? Even in cities, you go to coffee places and you will find them giving you free Wi-Fi because they want you to sit there and use their Wi-Fi and probably have coffee and something to eat.
[00:06:53] And you will find comment on your Wi-Fi network saying unsecured network, which means that the network is unsecure.
[00:07:01] So, still we tend to log in through them and use all our applications including banking and WhatsApp and other things.
[00:07:08] So, like I said that the number of threats that are amazing and especially with the growth of the cloud network, things are really getting out of hand.
[00:07:19] And whatever news we are getting in the media, I strongly feel is only the tip of the iceberg.
[00:07:25] The problem is much, much deeper.
[00:07:26] Okay.
[00:07:28] And you know, like you mentioned, there is growing awareness about cybersecurity among SMEs, but you also mentioned that it is difficult and it's a struggle to get into translated into actionable insights.
[00:07:43] Where is the struggle and why is there a struggle on the actionable insights?
[00:07:49] So, two, three points, like I mentioned that you know the problem, but there are no visible symptoms that my work is going on.
[00:07:56] My ERP is working.
[00:07:57] I am able to do data entry in my accounting.
[00:08:00] I'm able to take out invoices.
[00:08:03] I'm able to create my balance sheet.
[00:08:05] I'm able to work on my HRMS.
[00:08:07] Attendance system is working.
[00:08:09] Customer relationship management software.
[00:08:11] Everything is working.
[00:08:12] What is there is a problem?
[00:08:13] It's not visible, right?
[00:08:15] Point number one.
[00:08:16] Point number two, the biggest challenge I feel is the lack of availability of manpower.
[00:08:22] There are international surveys which says that the demand for security professionals is running into millions within India only.
[00:08:30] And that's why the government is also trying to initiate this as a concept of raising awareness amongst the users in terms of their understanding of the data.
[00:08:40] How that data as an asset is something that needs to be taken care of.
[00:08:45] The government, as for the information of all the listeners, has recently passed, will also call the DBTP Act, which was passed as recently as August of 23, which talks specifically of protection of the personal data of the individual.
[00:09:00] And you have all these controversies around deep fakes that's happening.
[00:09:05] And this is actually only the tip of the iceberg.
[00:09:08] So, coming back to the example of SME owners, especially in the manufacturing who are sitting in remote areas.
[00:09:15] And for them, of course, lack of trained manpower is a big issue.
[00:09:20] Even if they were to realize that we need to invest in cybersecurity products, where do they have people to be able to manage those products that they will buy?
[00:09:29] That's why we have offerings on SaaS platforms.
[00:09:32] We have offerings on cloud where you need not manage.
[00:09:35] You just install the systems and the management is done by the concerned company at the backend.
[00:09:41] So, those kinds of offerings are something that are already picking up.
[00:09:45] And the other thing is that even if the intent is there and even if the teams are there, the lack of awareness amongst the users, which means that if I were to install the best systems in my organization,
[00:09:59] and I would buy the state of the art equipment, but if my users are not aware of how to use IT systems, and where or to take the right precautions, I can still be hacked.
[00:10:11] But somebody could press on a link and everything goes haywire.
[00:10:15] So, it's a mixture of these three, four parameters which have to be taken care of.
[00:10:20] Thank you so much for your valuable time.
[00:10:23] And thank you so much for making this complex subject a little more easy to understand during our conversation.
[00:10:31] So, an absolute pleasure having you on the Do Big Podcast.
[00:10:34] Thank you, Shigal.
[00:10:35] Thank you.
[00:10:37] Thank you for tuning in to the Do Big Podcast.
[00:10:40] A podcast that is dedicated to providing insights, strategies, and success stories of smart digital solutions for SMEs.
[00:10:48] We believe that behind every successful business, there's a strong foundation of reliable and secure technology via digital connectivity, cloud infra, cloud apps, collaboration tools, or cybersecurity solutions.
[00:11:00] In a rapidly evolving digital world where technology is key to progress, Tata Tele Business Services stands at the forefront of digital transformation of SMEs.
[00:11:11] Tata Tele Business Services, with their extensive experience and commitment to empowering businesses, understands the unique needs of SMEs.
[00:11:18] Whether it's scalable connectivity, robust communication tools, or tailored ICT solutions, Tata Tele Business Services is here to propel your business forward.
[00:11:29] Tata Tele Business Services is synonymous with innovation, reliability, and transformative solutions.
[00:11:36] With a legacy spanning decades, Tata Tele Business Services has been empowering businesses and transforming lives across the nation.
[00:11:44] So, if you're ready to take your organization to new heights of success, we encourage you to explore the transformative possibilities that Tata Tele Business Services has to offer.
[00:11:56] Our contact details are in the description below.
[00:11:59] Remember, we're available on major podcast platforms.
[00:12:03] So, if you enjoyed today's conversation, subscribe to our podcast for future episodes, which we promise will be packed with equally valuable insights on questions entrepreneurs face as they digitize and scale businesses with the help of technology.
[00:12:17] Don't forget to rate and review our podcast as well as share it with peers, colleagues, and other entrepreneurs like yourself who will benefit from listening to it.
[00:12:26] Thank you for listening to us.
[00:12:28] And until the next time, keep embracing technology and may your business thrive in the digital era.
[00:12:34] Thank you.