Philip Hung Cao

Stay Hungry. Stay Foolish.

Helping SMEs Thwart Cybercrime



The common perception among many in small and medium-sized enterprises (SMEs) is that cybercrime takes place only at large, multinational enterprises. Nothing could be further from the truth.

In fact, cybercriminals are aware of that perception and know that SMEs are easier targets. According to two new ISACA guides, Cybersecurity Guidance for Small and Medium-sized Enterprises and Implementing Cybersecurity Guidance for Small and Medium-sized Enterprises, another negative factor has been the cost and historically poor performance of cybersecurity programs.

These new guides are designed to help the typical SME achieve reasonable security at an affordable cost. They also help SMEs prepare for, and manage, typical cybersecurity issues, risks and threats.

Think of your cybersecurity strategy as the same one you would use to protect private property. If the target is visibly protected and likely to offer resistance, most would-be attackers are likely to move on to a more vulnerable target.

Of course, no business enterprise can predict tomorrow’s cyber threat or attack, only the likelihood that such threats are lurking for the most vulnerable. However, even SMEs with limited resources can strengthen the enterprise against attacks if they adopt a sensible strategy.

Cybersecurity is a process and not an end result. SMEs need to continually improve their security programs to keep pace with technology and new risks and threats.

Cybersecurity Guidance for Small and Medium-sized Enterprises incorporates elements of continuous improvement toward increased sophistication. Implementing Cybersecurity Guidance for Small and Medium-sized Enterprises is a companion publication to this Cybersecurity Guidance and is available to users of the guidance. It provides practical advice on how to implement cybersecurity governance, risk management, assurance and compliance using the Cybersecurity Guidance for SMEs and its COBIT 5 foundation.

Director of information security and IT assurance at BRM Holdich



Copyright © 2006-2022 Philip Hung Cao. All rights reserved