News Why SMEs need a new kind of cybersecurity

Until recently, SMEs were less attractive to cybercriminals because the potential reward wasn’t worth the effort. But that has changed drastically, according to the Security Navigator 2025 from Orange Cyberdefense.

“There are several reasons for this,” explains Simen Van der Perre, Strategic Advisor at Orange Cyberdefense. “Large organisations have bolstered their defences so attackers now turn to easier targets. SMEs often lack the resources, budget or expertise of larger organisations. Many business owners still believe they are not a target and that actually makes them more vulnerable.”

Major impact on SMEs

Hackers have also refined their ransom demand tactics. “They know roughly what an SME makes and what a ‘realistic’ amount would be. Demanding a sum that seems feasible increases their chances of being paid. Even with a smaller ransom, the market remains highly lucrative,” says Van der Perre.

AI, automation and the rise of Ransomware-as-a-Service (RaaS) have made techniques such as phishing, vishing and social engineering more accessible and more effective. Van der Perre: “Although we haven’t yet seen any cases where AI fully takes over after a breach, it’s only a matter of time.”

A Mastercard survey among more than 5,000 SME owners across four continents shows how serious the threat has become: 46% of SMEs have suffered a cyberattack and nearly one in five had to cease operations or file for bankruptcy. “That is deeply concerning,” says Van der Perre. “SMEs account for two-thirds of all jobs in Belgium. Their role in the economy is crucial.”

An SOC service tailored to SMEs

So how can SMEs improve their protection? Visibility is essential. Large companies use a security operations centre (SOC) to monitor their IT environment and detect unusual activity. Until now, such a solution was out of reach for most SMEs. “A traditional SOC simply doesn’t fit the needs or capabilities of an SME,” explains Van der Perre. “You can give someone a Formula 1 car, but if they don’t know how to drive it, they won’t make it around the first corner.”

That is why Orange Cyberdefense developed Micro-SOC: a service tailored to the knowledge, budget and reality of SMEs. “There are many tools on the market that claim to be fully automated, but in practice the issue is much more complex. Micro-SOC automates the heavy lifting but also gives access to a real security analyst when it really matters.”

From prevention to detection

While most SME security solutions still focus on prevention, an SOC approach centres on detection and response. “Many SMEs still think they can keep intruders out but that is no longer realistic,” says Van der Perre. With Micro-SOC, they can detect threats before ransomware strikes. And many companies don’t even realise they are already compromised. When we spot something suspicious, we call them. We explain clearly what is happening and help resolve the issue.”

Smart automation keeps it affordable

“People are the most expensive part of cybersecurity. That’s why we use our analysts as efficiently as possible in Micro-SOC,” explains Van der Perre. “Instead of one analyst per two or three companies, as in our traditional SOC, Micro-SOC analysts monitor dozens of clients at once. That’s possible thanks to smart automation and by grouping companies with similar risk profiles.

The service has already proven its value: more than 3,000 clients – mostly with 20 to 1,000 IT assets – are now actively protected by Micro-SOC.

“In total, we manage more than 3 million assets. We also provide threat hunting – proactively searching for threats, even before any alerts appear. If we detect a threat in one or two companies, there’s a good chance that others with similar profiles face the same risk.”