Cyber-attack: The SME’s survival guide


Many small to medium-sized enterprises think they are less likely to be a target for cyber-attacks because of their size. They believe that threat actors are more interested in larger businesses that are capable of offering a bigger financial payoff in order to recover their valuable data.

However, the truth is that when it comes to cyber attacks, modern adversaries don’t discriminate. SMEs are attractive targets because they often have leaner IT infrastructures and fewer resources allocated to cybersecurity, not to mention that threat actors may also use SMEs as a stepping stone to gain access to larger enterprises. This is more and more common, given the reality of today’s increasing supply chain complexity.

This is all the more reason for smaller businesses to take the threat of cyber-attack or breach seriously, and make sure they implement effective security measures and protocols. Cyber preparedness ensures that businesses have a plan in place to respond to imminent threats.

Measuring cyber readiness

While cyber risk cannot be eliminated completely, organisations can manage risk effectively with the right people, processes, and technology. The first step to building a strong Incident Response Plan (IRP) is evaluating your organisation’s level of preparedness across three areas:

  1. People

When it comes to cybersecurity readiness, it’s crucial to determine who your incident response team members are. Does the team include not just a technical lead but also a PR advisor and HR specialist? Also, are your organisation’s key internal and external stakeholders identified? Individual roles and responsibilities should be decided and documented, and communications protocols, such as the best place to store a hard-copy of the comms plan in case all digital networks are down, should be established.

  1. Process

IRPs should also be continuously evaluated to ensure they align with your organisation’s overarching policies and compliance requirements. Has senior leadership been given the opportunity to review, approve and communicate the IRP to all employees? Doing so increases the efficiency and effectiveness of IRPs, as senior leadership’s endorsement of the plan shows they support it and makes everyone aware of their roles and responsibilities in the event of a security incident.

Next, does your organisation collect feedback after every practice drill or actual incident? Are takeaways and feedback analysed and used to improve training and onboarding processes? Continuous improvement based on these learnings is key.

  1. Technology

From a technology point of view, it’s essential to consider who will provide post-event assessments. Is there a managed service or security operations centre (SOC) that can provide in-depth incident response (IR) assessments? Are these assessments capable of pinpointing forensic evidence within the environment?

Also, are backups regularly scheduled, stored offline, or stored in a secure cloud? Are they regularly reviewed and protected with passwords and encryption?

With regard to Data Forensics & Incident Response (DFIR), does your organisation have the necessary security technologies in-house to support the right people with the means to collect and analyse digital forensics artefacts, incident response actions (for containment and mitigation). Alternatively, is there an IR partner that can support your organisation in the event of an attack?

Finally, how is contextual information gathered? Is the security stack capable of detailed log collection? Is log data stored read-only with standard encryption in place?

How to prepare for an attack

Once your organisation has reviewed its cybersecurity readiness, one of the most important steps is to create a dedicated task force responsible for responding to a breach. Specific individuals – such as IT professionals, legal counsel, upper management, and any external partners or service providers that might be needed – should be named.

Developing a comprehensive cyberattack survival protocol that outlines the necessary steps to take during an attack is also vital. This protocol should include information on how to identify, contain and recover from the attack, as well as details on how to communicate with relevant stakeholders, such as employees, customers, and the media.

Proactive steps

The threat of cyber attacks is real and can have serious consequences for SMEs, including loss of sensitive data, financial losses and reputational damage. SMEs need to take proactive steps to protect themselves by assessing their cybersecurity readiness, establishing an incident response plan and educating employees on cybersecurity best practices. By doing so, they can significantly improve their cybersecurity posture and minimise the impact of cyber attacks – something that can mean the difference between recovery and insolvency.

With thanks to Antonio Vasconcelos, EMEA Field CISO Director at cybersecurity specialist SentinelOne.

For more advice on this and drafting your incident response plan, book your free 30-minute consultation with the Business Cyber team here.


At the end of November, the UK government introduced their new, updated Product Security and Telecommunications Infrastructure Bill (PTSI).
Cyber Essentials is a government-backed, industry-supported scheme to help organisations protect themselves against common online threats!
A guide to start by taking cybersecurity seriously.
Paddy Bradley MBE talks about his responsibility in ensuring that the Business Cyber Centre (BCC) is a success.