Can small to medium-sized enterprises (SMEs) across Africa address the cybersecurity risk adequately? New research from Christopher A. Moturi, Nabihah R. Abdulrahim, and Daniel O. Orwa of the School of Computing and Informatics at the University of Nairobi, Nairobi, Kenya, off an answer in the International Journal of Business Continuity and Risk Management.
The team suggests that SMEs are key to economic growth in Africa but as many companies become increasingly entrenched in digital and online operations and services, the risks they face from malware and hackers increases. The team has the National Institute of Standards and Technology (NIST) cybersecurity framework to undertake an in-depth study of selected SMEs to identify the critical issues that are causing those companies problems and to help find solutions that might be applicable to many other SMEs. In Kenya alone, cybercrime is costing SMEs there the equivalent of millions of dollars every year.
Their work could help guide those very companies to a more secure future but also provide e a roadmap for governments and regulatory bodies. Importantly, the study could be used to raise awareness and instil a security-aware culture across SMEs where that culture does not yet exist. Given that cybersecurity has no unique definition across companies and regulators, it is important that agreement on meaning be made so that risks can be identified and security implemented. This definition must encompass evolving social media, mobile computing, big data, cloud computing, and the internet of things to ensure cybersecurity measures are in place that stay one step ahead of the many threats facing companies.
“SMEs are in a position to become more resilient even with limited resources by applying the NIST cybersecurity framework within their environment to gain an in-depth understanding of the cybersecurity risk management practices,” the team writes. The NIST framework can offer SMEs a strategic approach that may cost them money initially but will save them money in the long term by reducing the risk of them succumbing to security breaches and cybercrime.
Moturi, C.A., Abdulrahim, N.R. and Orwa, D.O. (2021) ‘Towards adequate cybersecurity risk management in SMEs’, Int. J. Business Continuity and Risk Management, Vol. 11, No. 4, pp.343–366.