Zero trust model: how MSMEs can secure their digital assets


By Dipesh Kaura

Technology for MSMEs: The MSME sector is rightly hailed as the growth engine of the Indian economy. It comprises 6.33 crore (and counting) MSMEs which employ nearly 11 crore people and contribute about 30% of the country’s nominal GDP. As a sector, it is posting a double-digit year-over-year growth rate. The importance of MSMEs cannot be overemphasized in an India striving to achieve a $5 trillion economy.

Yet, it is also true that India’s MSME sector is far from running at full capacity. While its technology adoption rate is low at around 37%, its software-as-a-service adoption rate has fallen to a meager 7%. This reflects the untapped potential of the market as well as the inability to scale quickly. The reasons for this performance are multiple, the main one being the lack of means as well as that of technological know-how. However, when you take into account the policy support the sector continues to receive in the form of Make in India, Aatmanirbhar Bharat, the ECLGS program and more, one has to dig deeper

At the heart of MSMEs’ slow approach to technology adoption is concern over the security of their digital assets. They are overwhelmed with the sheer variety of platforms they must use and the capabilities required to productively manage their presence on all of them. The only way to create an environment of trust around the use of technology is to address deep-seated concerns about the security of online data and identities.

Understand MSMEs need for security

For 99.4% of the 6.33 crore MSMEs in India, which are micro-enterprises, the investment in plant and machinery does not exceed Rs 25 lakh. Small businesses make up just 0.52% of that number, totaling 3.31 lakh. Medium-sized companies, with investments of Rs 5-10 Crore, only total around 5,000. Thus, around 95% of Indian MSMEs would face severe existential crisis in the event of a cybersecurity incident.

It is also true that cybercrime incidents against businesses have increased in the post-Covid era. In 2021, nearly 62% of small businesses in India had been the target of cyberattacks that cost them more than Rs 3.5 crore in damages. This shows how small businesses are no longer considered too small for attack by cybercriminals. With the stakes being so high, MSMEs are wary of internet technology which brings additional vulnerabilities to their system, despite its enormous benefits.

The most common types of cyberattacks facing MSMEs today are ransomware, cryptojacking, phishing, password targeting attacks, and advanced persistent threat (APT) attacks. For MSMEs to protect themselves against such a complex multi-faceted problem, the solution must be easy to adopt and affordable to access.

Subscribe now to the Financial Express SME newsletter: your weekly dose of news, views and updates from the world of micro, small and medium enterprises

The Zero Trust cybersecurity model provides the comfort of complete security for a company’s digital assets. It is particularly effective because it acts where more than 80% of cyberattacks originate: in the misuse of identifiers within the network.

What is Zero Trust

As the name suggests, the Zero Trust security framework requires all users (external and internal) on a network to be continuously validated, authenticated, and authorized to access applications and data. A system where no one can avoid credential checks and validation procedures. Common zero-trust modalities include multi-factor authentication, advanced endpoint security and protection, and cloud technology.

Because a zero-trust model assumes no limits to its application, it is perfectly suited to today’s hybrid working conditions. It also happens to be the futuristic approach for the same reason.

How MSMEs can make the transition

The zero-trust model is phasing out the once-only verification process to enable the always-verify approach. This means establishing a network that ensures MSMEs are always in control of the different identities used to access various devices and data.

Setup is known to be elaborate and it consumes time and resources as you need to upgrade the IT infrastructure, which may include devices. This may seem a bit overwhelming, as MSMEs typically strive to protect cash flow as well as available time for their limited staff. This is where the small size of the MSME becomes a big advantage: a one-time investment going to zero trust amplifies its effect over time, making the business more secure and viable in the long run.

As an added benefit, the zero trust model can make MSMEs more confident about adopting new and advanced technologies in their business without worry. All they need is the right vendor that helps their organization transition to the zero trust framework and facilitates incremental progress, with the benefit of readily available technical support that includes cybersecurity training for their staff.

Dipesh Kaura is Managing Director of Kaspersky South Asia. The opinions expressed are those of the author.


Comments are closed.