Cybercriminals have long since set their sights on small and medium-sized businesses. Classic defensive strategies, which focus primarily on damage limitation after an attack, no longer work. Now is the time to act proactively – with new technologies, collaborations and a strategic view of compliance.
SMEs are considered the backbone of the German economy. Hundreds of thousands of companies, from manufacturing companies to specialized suppliers and innovative service providers, make a decisive contribution to growth and employment. But it is precisely these companies that are increasingly coming under fire. For attackers, they represent a worthwhile target: they have valuable data, are part of sensitive supply chains, but rarely have the security budgets or expert teams of large corporations.
For many years, companies have understood IT security primarily as a reactive discipline. Security departments reacted when malware had already struck. Security gaps were only closed after an attack had exposed them. And incidents were dealt with only once the damage had occurred. But this mode is no longer sustainable in an age of professionally organized cybercriminals. Faced with constantly new attack methods, AI-supported phishing campaigns and mass-traded access data, companies that remain in it are in danger of falling behind.
Target SMEs: Threat situation intensifies
Cybercrime has developed into a highly professionalized business in recent years. Groups such as ransomware cartels, business email compromise (BEC) actors or so-called “initial access brokers” have established clear business models. The latter focus on gaining initial access to corporate networks and then reselling it on marketplaces. This creates an ecosystem based on the division of labor in which attacks are more efficient and targeted.
This development is particularly dangerous for medium-sized companies. While they are highly attractive targets, they often lack specialized security teams or 24/7 security monitoring. Another risk factor: Many of these companies are integrated into critical supply chains, for example in the automotive, pharmaceutical or energy industries. A successful attack can trigger domino effects with massive economic consequences.
Exposure Management: Seeing the attack surface through the eyes of the hacker
For a long time, classic vulnerability management was considered the ideal solution: systems were scanned, open security vulnerabilities were documented and then often processed in long lists. But in practice, most IT departments lack the time and resources to systematically address this flood of vulnerabilities.
This is exactly where a new approach comes in: exposure management. Instead of randomly cataloging vulnerabilities, the company’s own infrastructure is consistently viewed from an attacker’s perspective. Tools such as WithSecure Elements Exposure Management simulate attacks on networks and applications to show which vulnerabilities are actually critical, how an attack might unfold, and what chain of events would enable a successful intrusion.
The decisive advantage: Companies can use their scarce security resources where they achieve the greatest effect. Not every outdated software library poses an acute risk. But a publicly accessible application with weak authentication can be exploited by automated bots within hours. Prioritizing according to real attack risk is therefore a real game changer for SMEs.
New attack surfaces: cloud and identities
The threat situation is shifting dynamically. While classic infections via contaminated Office documents are decreasing, new gateways are gaining in importance. Analyses by WithSecure Intelligence show that cloud environments, identity systems such as Active Directory, macOS endpoints and browser-based applications are being attacked more and more frequently.
Of particular concern is the increase in stolen credentials as an entry point. Compromised passwords were the cause of around 16 percent of recent security incidents – and the trend is rising. In hybrid work environments with remote access and cloud services, identity and access management has therefore become a key discipline. Strong authentication, well-thought-out access rights and user behavior analytics are no longer optional, but a must.
Compliance: From mandatory program to competitive advantage
Many medium-sized companies perceive regulations such as NIS2, DORA or the GDPR primarily as a bureaucratic burden. But those who view compliance only as a cost factor are missing out on opportunities. Companies that implement regulatory requirements early and systematically create trust among customers and partners – a decisive factor, especially in regulated industries such as healthcare, finance or critical infrastructure.
The “compliance by design” approach means that data protection and security requirements are built into products, processes and infrastructures from the very beginning. This saves costs in the long term, increases efficiency and reduces risks. Platforms such as WithSecure Elements have embedded this approach in their architecture, helping companies to remain not only compliant but also competitive.
Co-Security: Security in a network
Another obstacle for SMEs is the acute shortage of skilled workers. Many companies can neither afford highly qualified security specialists nor are attractive enough to retain them in the long term. This is where the principle of co-security comes in: security tasks are carried out jointly with specialized partners.
Managed security providers, integrators or security manufacturers not only contribute expertise, but also up-to-date threat information, 24/7 support and scalable services. The result is a multiplier effect: each individual company benefits from the collective intelligence and resilience of the network. For medium-sized companies, this means a considerable gain in security without having to build up large teams internally.
Generative AI: Danger and rescue at the same time
Hardly any other technology is currently changing cybersecurity as much as Generative AI (GenAI). On the attacker’s side, it is used to create deceptively realistic phishing emails, automated vulnerability scans and even polymorphic malware, which constantly changes its signatures and thus bypasses classic defense mechanisms.
But defenders also use the same technology. With solutions such as the AI assistant Luminen within the WithSecure Elements platform, risks are not only identified, but also explained in an understandable way, prioritized and provided with concrete recommendations for action. This is a valuable relief, especially for overburdened IT teams in medium-sized companies.
Autonomous AI agents go one step further, monitoring networks, automatically isolating compromised systems, and initiating countermeasures in real time. They act at machine speed – and thus offer a foretaste of the future of cyber defense.
Responsible use of the technology is essential. WithSecure, for example, sets clear guardrails: data remains in Europe, is anonymized and processed in isolation, and the language models are constrained in such a way that there is no threat of “hallucinations” or data leaks. This is a decisive factor, especially for highly regulated industries.
Conclusion: Proactive is the new normal
The time of reactive cybersecurity is over. For Europe’s SMEs, proactive action is becoming a matter of survival. Those who rely on exposure management, co-security partnerships and AI-supported defense now not only gain security, but also a tangible competitive advantage.
After all, in a digital Europe that will be increasingly characterized by trust, agility and innovation, resilient and future-proof companies are the ones that take the step from reaction to prevention in good time.