Three of four small and medium-sized enterprises in Lithuania are not ready to fence off cyber-attacks or do not know if they are ready to do so, a poll conducted in November–December 2019 under the Create Lithuania project of the Ministry of National Defence revealed. The poll included 227 respondents, executives and staff, from all regions of Lithuania. Even though global trends show that small and medium-sized enterprises are often targeted by cyber-attacks, as much as 44% of the respondents said they did not think they could be targeted.
Cybersecurity begins with understanding that each company needs to apply relevant electronic security measures. Every company that uses even such basic services as e-mail or bank account is liable to become a target of hackers, no matter its size or type of activity. One of the most frequently detected kinds of cyber-incidents in businesses is phishing. Even a half of all respondents received such e-mail letters of messages seeking to obtain personal information over the past 12 months. However, according to the poll results, not all the executives knew what incidents could have taken place in their companies, one in five executives could not name them.
Experts stress the necessity to do a regular risk assessment in order for the company to be aware of its shortfalls and take security measures to increase its resilience against cyber threats. Unfortunately, only 14% of the executives said in the poll that they had carried out such an assessment over the past year. Risk assessment is not a simple process, according to the poll results, even 72% of the respondents said they did not know how to assess shortfalls and risks of their cyber security.
The poll also revealed that the businesses which indicated they had cybersecurity policies and carried out regular risk assessments, were better informed on why it was important to take care of cyber security and considered themselves better prepared to counter cyber-attacks. Another important revelation was that 3 of 4 executives agreed with the statement that it mattered to them that their business partners complied with cybersecurity standards. It is important to understand in the present day world that if a partner is vulnerable, your company is also at risk and may be harmed. Technical means is not enough to protect your systems anymore. Other crucial aspects are establishment of processes, identification, assessment, and management of risks.
Bearing in mind that a significant part of incidents take place as a result of human error, the poll of small and medium-sized enterprises staffs was aimed at assessing their knowledge and preparedness. As much as 86% of respondents agreed that every employee is an important chain in the cybersecurity of a business. Only education of personnel in cybersecurity culture can ensure that, however, only 14% of respondents indicated they had attended cyber security training over the previous 12 months. Education can be done on one’s own but only 14% of respondents agreed with the poll statement that there was enough of publicly accessible and clear information on cyber security.
It is difficult to realize for businesses, especially small ones, what harm can be inflicted on them by a cyber-incident. It is not limited to financial losses, they need to understand a cyber-breach can disrupt their activity temporarily or for good, additional costs can be required to restore electronic systems and reputation. The poll has shown that more than a half of heads of businesses that experienced cyber-incidents do not know what the consequences and harm caused by such incidents were.
Even though a major part of them (74%) agreed that cybersecurity was important to their companies, even 40 % of companies did not invest a single euro into cybersecurity last year. Small and medium-sized enterprises in Lithuania find it hard to understand what to start with and what to do in order to take care of their security in cyber space. 57% of executives states that they did not have or did not know if they had enough knowledge in order to select cybersecurity tools.
Best practices of different countries show that small and medium-sized enterprises can also be helped out state authorities by providing educational material and means in cyber security or other security services. Taking that into account, members of the Create Lithuania programme Gabrielė Bilevičiūtė, Justas Kidykas and Rūta Beinoriūtė, are creating a manual for small and medium-sized enterprises to enable them to ensure their cybersecurity. Following global best practices, the manual will encompass basic security level recommendations for the business that still are not applying a systemic approach to cybersecurity seeking to develop their cybersecurity awareness and resilience to threats.
MoD Create Lithuania prorgamme link .
