From street stalls to startups – why cybersecurity isn’t just for big business

Cyber-attacks – through hacking, ransomware, malware and phishing – not only bring financial loss, but can hit a company’s productivity and tarnish its reputation. Eighty per cent of those who had suffered attacks told Mastercard that they were forced to spend precious time rebuilding trust with clients and partners.

Johan Gerber, global head of security solutions at Mastercard, says: “Criminals have access to AI and other sophisticated technology to find and attack vulnerable businesses. Cybersecurity isn’t just a technology investment, it is critical to the security of small businesses and the fabric of our society.”

A real and constant threat

It’s not just business owners who are affected by cybercrime; their customers and suppliers are caught up in it too, most often seeing their personal data stolen when a breach occurs. SMEs are often more vulnerable, with their own workers the frontline in cyber-defence and sometimes the weak link. In the Mastercard survey, 73% of business owners said that getting employees to take cybersecurity seriously was a challenge.

Kyriakos Baxevanis, an entrepreneur in Brighton, East Sussex, runs a popular local Greek restaurant, Nostos, as well as Little Jasmine Therapies and Spa, and agrees the threat from cybercriminals is on the increase.

“Across hospitality, health and wellbeing, and our events and catering, we see continuous attempts at phishing, fake card transactions, invoice redirection attempts, impersonation emails and social engineering attacks,” he says.

“The sophistication has increased dramatically, especially attacks appearing to come from trusted partners, suppliers or internal staff. The threat is very real and constant.”

Baxevanis’s experiences chime with Mastercard’s research, but while this showed how 86% of SMEs had conducted an active cybersecurity risk assessment and had a cyber-attack prevention plan in place, just 23% were actually very satisfied with that plan.

Worryingly, again only 23% admitted to being “very confident” in their ability to identify threats, which is a huge problem given that Baxevanis feels SMEs are targeted precisely because criminals believe they don’t have the same resources as large corporates. “Fraud is no longer amateur; it’s organised, intelligent, and persistent,” he warns.

The virtual world is vulnerable

For consumers, cybercrime is also a big concern, with 60% of those surveyed in a further Mastercard study saying that being scammed is now almost inevitable.

Some 76% were more concerned now about cyber-risks affecting their life than two years ago, and with AI being harnessed more deeply and more regularly by cybercriminals, only 13% were “very confident” in their ability to identify AI-generated threats or scams.

“If people feel more vulnerable in the virtual world than in their own homes, that signals that the trust in the technology that governs our lives is under threat,” says Gerber.

Two-thirds said they would stop shopping at a retailer where they experienced transaction fraud and this leads Gerber to say: “Integrity and trust are key requirements for businesses to thrive in the long term. This is especially true for small and medium-sized enterprises managing or storing consumer data … A secure ecosystem benefits everyone, from street stalls to global enterprises.”

Baxevanis worries that with many SMEs fighting daily fires, some might see cybersecurity “like a luxury until something goes wrong”. “Awareness often only becomes real after a scare or a loss,” he says. “Too many assume, ‘It won’t happen to us.’”

Sharing knowledge to protect everyone

It can be hard to put a figure on the scale of losses and damages from cyber-attacks, as a World Bank study points out, but the total runs into many billions.

To counter these threats, Mastercard partners with cybersecurity experts, law enforcement and policymakers globally, and invests in innovation so business owners can focus on what they do best – serving their customers.

Its Business Builder program offers credit and debit cards for small businesses which include cybersecurity services to help protect against fraudsters through the use of enterprise-grade security technology and expertise. ID Theft Protection also enables consumers to be alerted if their identity appears to have been stolen. A vulnerability scanner, My Cyber Risk, assists in pinpointing and prioritising cybersecurity threats to a company’s websites or apps.

With cybercriminals often finding their way in through human rather than technological failure, Mastercard has tools to prevent fraudulent applications made in the names of business owners or employees. The Mastercard Trust Center offers SMEs a free platform to use packed full of research, resources and tools.

Baxevanis advises SMEs to talk to one another about the growing threats because “shared knowledge protects everyone” as does a strong focus on internal education. “This is proactive prevention,” he says. “It includes training staff to identify suspicious activity and phishing. Culture is important because people can be the strongest defence or the weakest link.”

This is clearly a critical piece of the preventative puzzle when you consider the Mastercard survey of businesses revealed that only a quarter were “very confident” in their ability to educate employees on cybersecurity best practices.

Gerber points out: “It all starts with basic cyber-hygiene: it is vital businesses have an understanding of their digital supply chain. There are multiple sources of support for SMEs, including via the Mastercard Trust Center and through our partnership with non-profits like the Global Cyber Alliance, providing free education and resources.”

Find out how Mastercard for business can help keep your company and your customers safe