In a special edition of the Quocirca ‘In the Spotlight’ podcast, Louella Fernandes, Director of Quocirca, sat down with Jason Cort, Director of Product Planning and Marketing at Sharp Europe, to explore a range of subjects for SMEs, including cybersecurity in today's era of artificial intelligence.
The conversation opened with Louella stating that digital security is a fundamental part of doing business in a modern economy and that it comes as no surprise that 43% of cyber-attacks now target small and medium-sized businesses (SMEs).
Jason responded by highlighting the critical the areas of vulnerability for SMEs. First, limited resources often prevent SMEs from investing in robust cybersecurity infrastructure or outsourcing to IT Services security specialists. Second, many lack awareness about the evolving threat landscape, while outdated technology is another point that creates security gaps cybercriminals can look to exploit. Finally, a focus on core business operations often pushes cybersecurity to the back burner.
Summing up the theme, Jason suggests that: “when you look at all of that together, that's why SMEs are attractive to cyber criminals.”
Cybersecurity and AI is a Growing Threat
The conversation turned to how cyberattacks are increasing in their sophistication, particularly around the emergence of AI-driven attacks. At the most extreme, cybercriminals are using deep fake technology “to create what appears to be a communication from real people or events are happening,” says Jason. “And actually, none of it is really happening. We call these deep fakes.” Such fake communications can fool even the most vigilant of employees.
However, as Jason points out, traditional threats like phishing, malware, and ransomware continue to evolve and remain the most common form of threat. Equally, business email compromises have become increasingly sophisticated, leading to significant financial losses for unprepared organisations.
Business Regulations for SMEs
“And it's not just financial losses but reputational damage, as well as operational disruption, for these small businesses,” Jason highlights. “Then there is also the changing regulatory landscape which is having an impact.”
Jason explains the challenges of an increasingly complex regulatory landscape for SMEs. From GDPR (General Data Protection Regulation) to NIS2 (Network Information Systems 2) directives and the UK's Cyber Essentials certification scheme, SMEs must navigate and meet an ever-growing range of compliance requirements. While larger enterprises might have dedicated teams for this purpose, SMEs often struggle to keep up with these obligations while maintaining their day-to-day operations.
Compliance is not just about cybersecurity, as Jason discusses the emerging need for greater sustainability. “The corporate sustainability reporting directive, which came into effect in January of this year, is really targeted at large enterprise and major accounts but there is intent for the European regulators to extend that down to capture more and more smaller businesses,” he explains.
It is agreed that the business landscape is getting more complicated for SMEs to navigate without support from third-party experts capable of helping businesses be compliant while delivering growth.
Employees as the First Line of Defence
Louella turns the conversation to employees and the need to be able to train employees to recognise threats, as often employees are the first line of SME defence. This is something Jason agrees with, pointing out that while employees are often seen as the weakest link in cybersecurity, this vulnerability stems from inadequate training rather than inherent risk.
Jason highlights that research carried out by Sharp Europe and others reveals a significant gap between employer perception of cybersecurity training needs and the actual training provided to employees. In an age where AI-driven attacks are becoming more sophisticated, employees need both a grounding in everyday security awareness and ongoing training to stay ahead of emerging threats.
For SMEs looking to enhance their cybersecurity strategy, the conversation highlights three essential steps a business can take to start ensuring employees are the first line of security defence:
1. Conduct a comprehensive cybersecurity audit to understand your current security status and vulnerabilities.
2. Implement regular employee training using accessible, cloud-based solutions that provide both foundational knowledge and practical simulations.
3. Establish continuous monitoring systems, potentially through a managed service provider, to maintain ongoing vigilance against threats.
Security awareness training need not be intensive, as Jason says: “Online training modules are made up of micro snippets of learning that take five, maybe 10 minutes, to go through. And doing a number of these over a reasonably short space of time gives people more flexibility because they have their day-to-day jobs to do as well.”
Cybersecurity for Business Growth
Investing in cybersecurity isn't just about prevention, it is also about supporting business growth. As customers become increasingly conscious of data protection, strong cybersecurity measures can become a competitive advantage. Organisations that demonstrate robust security practices often find it easier to win and maintain customer trust, potentially leading to increased revenue.
The conversation looks to the future and how AI will continue to evolve, ensuring that cybersecurity challenges will only become more complex. With nearly a third of employees already expressing anxiety about AI making cyber-attacks harder to detect, SMEs need to build resilient security practices that protect both their operations and their customers' data. This means implementing proper training, support, and technological solutions.
By understanding the threats, implementing proper training, and maintaining continuous vigilance, SMEs can protect themselves against the growing number of cyber-attacks while building stronger, more trusted relationships with their customers.
Watch the full ‘In the Spotlight’ interview with Jason Cort and Louella Fernandes
