Cybersecurity in SMEs: RC²™ [Risk, Controls & Culture]
In SMEs, there are limited resources that are always competing for allocation with varying revenue-generating components such as manufacturing and marketing. Cybersecurity risk is a business risk and should be allocated funding however the quantum of the allocation does not always meet the required level therefore a rationalization of the resources needs to be accommodated. This is where an RC₂ methodology would be applied for practical application to mitigate cybersecurity risk in SMEs. SMEs do not typically have the luxury of implementing NIST CSF or ISO 27001 frameworks but RC²™can help. RISK SMEs need to assess the level of cybersecurity business risk to the organization. This involves a critical look at the business to: ❶ Identify Assets – inventory, and classification of assessment ❷ Identify Threats – external, internal threats, and natural disasters ❸ Identify Vulnerabilities – technical, human and physical ❹ Assess Impact – data breach, email compromise, and…