Cyber Security

Zero trust model: how MSMEs can protect their digital assets

Zero trust model: how MSMEs can protect their digital assets
Written by ga_dahmani
Zero trust model: how MSMEs can protect their digital assets

By Dipesh Kaura

Technology for MSMEs: The MSME sector is rightly hailed as the growth engine of the Indian economy. It comprises Rs 6.33 crore (and counting) MSMEs employing nearly Rs 11 crore and contributing around 30 per cent of the country’s nominal GDP. As a sector, it has a double-digit year-on-year growth rate. The importance of MSMEs in an India that is striving for a $5 trillion economy cannot be overstated.

However, it is also true that India’s MSME sector is far from running flat out. If your technology adoption rate is low, around 37 percent, that of software as a service drops to a meager 7 percent. This reflects the untapped potential within the market, as well as the inability to scale quickly. There are a variety of reasons for this performance, the main one being a lack of resources, as well as a lack of technological know-how. However, when considering the policy-making support the sector continues to receive in the form of Make in India, Aatmanirbhar Bharat, the ECLGS scheme and more, one must dig deeper.

At the core of MSMEs’ slow approach to technology adoption is concern about the security of their digital assets. They are overwhelmed by the sheer variety of platforms they need to use and the capabilities required to productively manage their presence on all of them. The only way to create an environment of trust around the use of technology is to address deep-seated anxieties related to the security of data and online identities.

Understand the need for security of MSMEs

For up to 99.4 per cent of the Rs 6.33 crore MSMEs in India, which are micro-enterprises, the investment in plant and machinery does not exceed Rs 25 lakh. Small businesses make up just 0.52 per cent of this number, coming to 3.31 lakh businesses in total. Medium-sized companies, with investments of Rs 5-10 Crore, number only 5,000 or so. Therefore, about 95 percent of MSMEs in India would face a serious existential crisis in the event of a cybersecurity incident.

It is also true that cybercrime incidents against businesses have skyrocketed in the post-COVID-19 era. In 2021, nearly 62% of small businesses in India were targeted by cyber attacks costing them more than Rs 3.5 crore in damage. It shows how small businesses are no longer considered too small for attack by cybercriminals. The stakes are so high that MSMEs are wary of Internet-enabled technology that brings additional vulnerabilities to their system, despite its enormous benefits.

The most common types of cyber-attacks facing MSMEs today are ransomware, cryptojacking, phishing, password-targeted attacks, and advanced persistent threat (APT) attacks. For MSMEs to protect themselves against such a seemingly complex multiple problem, the solution must be easy to adopt and affordable to access.

Subscribe now to the Financial Express SME newsletter: your weekly dose of news, views and updates from the world of micro, small and medium enterprises

The zero-trust model of cybersecurity offers the convenience of comprehensive security of a company’s digital assets. It is particularly effective because it acts where more than 80% of cyberattacks originate: in the misuse of credentials within the network.

What is zero trust?

As the name suggests, the zero-trust security framework requires that all users (external and internal) on a network be continually validated, authenticated, and authorized to access applications and data. A system where no one can bypass credential checks and validation procedures. Common zero-trust modalities include multi-factor authentication, advanced endpoint security and protection, and cloud technology.

Because a zero-trust model assumes no limits on its application, it is perfectly suited for today’s hybrid working conditions. It also happens to be the futuristic approach for the same reason.

How MSMEs can make the transition

The zero-trust model phases out the one-time verification process to enable the always-verify approach. It means establishing a network that ensures that MSMEs are always in control of the various identities that are used to access various devices and data.

Setup is known to be complicated and time and resource consuming as you need to update your IT infrastructure, which may include devices. It may seem a bit overwhelming, as MSMEs often struggle to protect cash flows and available time for their limited staff. This is where the small size of MSMEs becomes a huge advantage: a one-time investment in transitioning to zero trust compounds its effect over time, making the business more secure and viable in the long run.

As a bonus, the zero trust model can make MSMEs more confident to adopt new and advanced technologies in their business without worry. All they need is the right vendor to help their organization transition to a zero-trust framework and facilitate incremental progress, with the benefit of readily available technical support including cybersecurity training for their staff.

Dipesh Kaura is General Manager of Kaspersky South Asia. The opinions expressed are those of the author.

About the author


Leave a Comment