
Abstract

The increasing digitization of small and medium enterprises (SMEs) has significantly increased their attack surface, creating opportunities for various cyberthreats. Various cybersecurity standards and frameworks are available in the global market, yet news stories from every corner of the world still report increasingly sophisticated cyber-attacks on organizations. According to recent studies, one out of five cyberattacks targets SMEs. Even though SMEs are individually small, they make the maximum contribution to the global economy, including the largest role in GDP and various employment opportunities. Compared to large organizations, SMEs generally have limited resources and funds and always have their own priorities for specific business domains. Existing cybersecurity standards and frameworks are generic in nature and are not aligned with the business domain goals of SMEs. They also demand that an SME implement hundreds of cybersecurity controls to be certified to a certain level of global cybersecurity maturity. Using an international research study, the authors assess in this paper the current cybersecurity posture of SMEs and the problems they face in implementing cybersecurity. The authors also propose a new cybersecurity framework to resolve those problems, considering prioritization in the CIA Triad and Defense in Depth concepts.

Note on the Author(s)

Dr. Shekhar Ashok Pawar holds a DBA from the Swiss School of Business and Management (SSBM), Geneva, Switzerland. He is also the Founder and CEO of SecureClaw, headquartered in Delaware, USA, and India, which specializes in cybersecurity services and software development worldwide. He has worked for many years as the lead cybersecurity auditor for organizations in various regions. He is a Certified Ethical Hacker (C|EH), Computer Hacking Forensic Investigator (CHFI), and Certified Information Systems Auditor (CISA). He is also an ISO 27001 Lead Auditor, PCI-DSS Implementer, and HIPAA Compliance Professional. He has also completed the "Diploma in Cyber Law" course conducted by Government Law College, Mumbai, and Asian School of Cyber Laws. He is a Microsoft Certified Professional and Certified Blockchain Developer as well. In his earlier roles, he gained international work experience in different Microsoft technologies and services. He has very good knowledge of CMMi processes and worked as an Assessment Team Member (ATM) for the successful CMMi Level 5 certificate renewal of Capgemini India in 2015. He is an engineering graduate of Mumbai University and completed Executive Management with a specialization in Marketing and HR at SJMSOM, IIT-Bombay. He studied DSP Applications & Programming at IIT-Madras. He is also the author of the international non-fiction book "Air Team Theory - Understanding 10 Types of Team Mates and Best Practices to Succeed". He is the author of dozens of cybersecurity articles for leading blogs and magazines.
