Fake it until you make it has long been the unofficial mantra of entrepreneurs. Unfortunately, when it comes to cybersecurity (opens in new tab) it’s also become the inspiration for an insidious new breed of cyber criminals that threaten to disrupt those who have succeeded in creating thriving enterprises.
Earlier this year a UK-based CEO was reportedly conned out of more than £200,000 after a fraudster used AI voice technology to spoof his colleagues’ voice through what is known as deep fakery.
As such technology becomes as common as distributed denial of service attacks, it is important that businesses of all sizes asses their vulnerabilities and ready themselves to defend against an ever more challenging landscape of cyber threats than simply arm themselves with antivirus software (opens in new tab).
Paul Taylor is chair of the Royal Academy of Engineering’s Enterprise Hub SME Leaders Steering Group and and Cybersecurity Partner at KPMG.
Adapt and survive
Amongst the UK’s scaleup businesses, investment in cybersecurity is often seen as a secondary concern to investment in productivity software (opens in new tab) and efficiency-enhancing technology. It is tempting to believe that with so many smart minds in your team that your own enterprise couldn’t possibly fall foul of a cyberattack.
According to figures from insurer Hiscox, the reality is that the proportion of small firms (less than 50 employees) reporting one or more incidents is up from 33% to 47% in 2019. For mid-sized firms of up to 249 employees, the proportion has leapt from 36% to 63%, due to inadequate endpoint security software (opens in new tab).
The good news is that for SMEs, implementing effective policies and cybersecurity training (opens in new tab) to make your workforce more aware can be relatively straight-forward in comparison to a larger enterprise. After all, agility and flexibility are two major advantages that small firms trade upon.
AI and Machine Learning
SMEs are bombarded by vendors keen to equip them with the latest productivity-enhancing technology. I would urge buyer beware. Many of Britain’s thriving FinTech and MedTech firms are already well advanced in applying AI and Machine Learning within their businesses. Recent figures from Gartner reveal that 37% of enterprises have already implemented AI within their businesses, a 270% leap in 2019.
Before jumping in with both feet it is crucial to consider the opportunities and the risks that implementation of AI and Machine Learning (opens in new tab) could bring to your enterprise. As with all advances, there are both upsides and downsides to adopting Machine Learning within your business.
The benefit is that it can help sort the wheat from the chaff in a way that would otherwise require huge amounts of staff resource. Every business generates thousands of pieces of data every day, from customer interactions to supplier transactions. Machines can help you prioritise and automate responses. They can also vastly increase the efficiency of internal security teams and centres, spotting threatening and unusual system activity before irreparable damage is done.
But, on the flip side, machine learning has now been routinely adopted by criminals. In the future AI will increasingly be used to continuously and automatically probe for vulnerabilities in networks. Today, while 80% of malware (opens in new tab) has been seen before, cybercriminals are already using machine learning to create variants of such code at a rate that outstrips the ability of cybersecurity firms to respond. More worryingly, 5% of malware is entirely new, without precedent and therefore without effective protection.
It’s therefore paramount that SME leaders are not only attracting and retaining the right talent, but also retraining current employees and upskilling them, so they are trained to avoid unnecessary data breaches and respond quickly to emerging threats, and equipped against threats such as using anti-ransomware software.
How can mentorship help you up your cybersecurity game?
Entrepreneurs are usually brilliantly technically accomplished in their field, but often lacking in the rounded business skills commonly found across the teams in larger competitors.
Thankfully there are many programmes out there that can help bridge such skills gaps. The Royal Academy of Engineering’s Enterprise Hub SME Leaders Programme provides access to experienced industry professionals to act as mentors and pass on our knowledge to up and coming entrepreneurs.
Most mentors will have direct experience of many of the same cybersecurity problems that scaleup businesses face. As the quote goes, ‘those who fail to learn from history are condemned to repeat it’ and it is for this reason that such mentors are ideal counsel for the next generation of entrepreneurs.
In an age when deep fakery can cause all of us to doubt the evidence of our eyes and ears, the importance of seeking counsel from a trusted network of peers has never been more important. I’m confident that by working together, our nation of dedicated makers is well equipped to fend off the deep fakers.
Paul Taylor is chair of the Royal Academy of Engineering’s Enterprise Hub (opens in new tab) SME Leaders Steering Group and and Cybersecurity Partner at KPMG.
- Protect your business with the best cloud antivirus software (opens in new tab).
- Be more secure online with the best password manager (opens in new tab).