Mariska Scriba, Head of Enterprise Security Services at MTN Business.

The importance of the SME in the supply chain across multiple industries cannot be overstated, but they pose some serious potential cybersecurity vulnerabilities that larger companies are doing their utmost to mitigate through implementing third-party security assessments, adopting strict data privacy standards for their SME suppliers and enforcing compliance through cybersecurity best practices.

According to Mariska Scriba: Head of Enterprise Security Services, MTN Business South Africa, SMEs are potentially as vulnerable – if not more vulnerable – to identity theft, phishing attacks, social engineering, ransomware and malware incidents as larger entities. Cybercriminals often target SMEs due to weaker security postures, which, in turn, jeopardises bigger enterprises’ cybersecurity measures.

“The steps taken by larger enterprises help protect their own systems and shield SMEs from cascading cyber threats,” says Scriba. “Enterprises have to take their cybersecurity very seriously in order to safeguard their data and that of other supplier partners.

“The convergence of Internet of Things (IoT) and operational technology (OT) presents unique cybersecurity risks. The widespread adoption of IoT devices across various sectors, from healthcare to mining and manufacturing, has introduced new vulnerabilities.

“At MTN, we are witnessing an increasing trend of cyber threats targeting IoT ecosystems, necessitating comprehensive security measures that encompass both network and endpoint protections. The complexities we are seeing within the SME sector include IoT devices expanding the attack surface and the operational technology deployed often lacks built-in security. We address challenges and complexities through our network security solutions, real-time monitoring and secure IoT integration.

“We’re seeing SMEs beginning to explore AI-driven threat detection and response solutions and both AI and machine learning help automate security processes, detect anomalies and identify threats before they escalate.” 

Asked what other promising work MTN is seeing with SME cybersecurity, Scriba says SMEs are working on getting user buy-in to preventing cybersecurity risks and developing a risk awareness culture, increasingly focusing on user awareness by implementing regular training programmes and fostering a culture of vigilance. Employee buy-in is being secured by highlighting personal and professional risks of poor cybersecurity practices.

“There has also been a noticeable increase in private sector initiatives aimed at developing cybersecurity skills, ranging from in-house training to partnerships with educational institutions,” says Scriba. “We are proactive in nurturing cybersecurity talent through our own dedicated MTN programmes, such as our two-year graduate programme designed to equip young professionals with essential cybersecurity skills and knowledge.

“We’re also seeing SMEs gradually adopting zero-trust models for cybersecurity due to the rise of remote work and mobile device usage, recognising that zero-trust architecture ensures no user or device is trusted by default, which secures network access.”

Scriba says the relationship between cybersecurity, risk, and governance is more intertwined than ever, adding that effective governance frameworks are critical for ensuring that cybersecurity measures are aligned with business objectives and regulatory requirements.

“SMEs need to be savvy around what developments are taking place in terms of comprehensive risk management strategies that address both current and emerging threats. “Many SMEs are becoming increasingly aware of regulatory compliance, such as PoPIA. We help these SMEs navigate compliance and risk challenges through our managed services, including secure cloud environments, email security and mobile device management.

We also provide advisory services to SMEs tailored to the latest governance, compliance and data privacy laws, with an approach that ensures compliance is seamless and efficient.”

Scriba says that while awareness is growing, not all SMEs prioritise risk management or have a robust disaster recovery plan in place. However, she says that proactive SMEs benefit from minimised disruptions and improved customer trust and that MTN encourages adopting comprehensive risk management frameworks to protect operations.

“A key point to consider is that SMEs often underestimate the value of a proactive cybersecurity strategy until a breach occurs; for an unprepared SME, a breach can be devastating. At MTN, we emphasise the importance of being prepared rather than reactive. We empower SMEs through tailored cybersecurity training and development programmes intended to build a security-conscious workforce.

“By providing ongoing training, awareness programmes, and advisory services, we ensure that SMEs are equipped to handle emerging threats and compliance challenges, enabling them to grow confidently in the digital world. Additionally, our partnerships with global leaders ensure that SMEs have access to the latest technologies and best practices, ensuring they stay ahead in an ever-evolving threat landscape.”

“We constantly seek cybersecurity partners who share our commitment to excellence, innovation, and integrity, who enable us to deliver exceptional, end-to-end, multi-layered security solutions. These collaborations allow us to provide comprehensive protection across all levels of our SME clients’ infrastructure. Through these strategic alliances, we can enable our clients to confidently navigate the complexities of the cyber threat landscape.

“Another significant factor impacting on SME cybersecurity is the shortage of skilled cybersecurity professionals and sourcing cybersecurity expertise may be unaffordable for the SME. MTN fills this gap by providing affordable, managed cybersecurity services, including cloud security, managed firewalls and anti-DDoS solutions, which offer enterprise-level protection without requiring in-house expertise.

“Outsourcing to MTN means access to enterprise-grade protection at a fraction of the cost. The full suite of managed services means having scalable solutions with real-time threat management and expert support at the SME’s fingertips. In-house solutions may offer more direct control, but are costlier and require more resources, plus their complexity and skills challenges can overwhelm many SMEs.

“The bottom line is SMEs can enhance their cybersecurity posture by adopting a proactive and holistic approach. This includes regular risk assessments, continuous monitoring, and the implementation of advanced threat detection and response solutions. Building a culture of security where cybersecurity is viewed as a shared responsibility can significantly reduce risks,” concludes Scriba.

#BusinessDoneBetter

Visit www.mtnbusiness.co.za for more on our ICT Solutions