Abstract:
Small and medium-sized enterprises (SMEs) are increasingly exposed to sophisticated cybercriminal campaigns while lacking the financial and human resources available to large corporations. At the same time, market pressure forces SMEs to digitalize their operations, making core business processes directly dependent on IT infrastructure that is often neither highly available, nor redundant, nor easily scalable. This paper analyses the specific context of the SME sector by first clarifying the formal EU classification of micro, small, and medium-sized enterprises, and then examining their typical level of digital maturity, organizational structures, and IT budgeting practices. Based on recent national and international reports, the study characterizes the prevailing IT landscape in SMEs, including the dominance of basic communication tools and office suites, the widespread use of Windows-based workstations, the popularity of NAS platforms and affordable server solutions, as well as the reliance on Gigabit Ethernet and WLAN as core networking technologies. The paper also reviews major external and internal cyber threats affecting SMEs, with particular emphasis on software vulnerabilities, compromised credentials, ransomware, Trojans, spyware, and self-replicating malware, as well as insider threats and social engineering attacks that exploit the human factor as the weakest link. Building on this analysis, the paper proposes a concept of a low-budget, corporate-class IT infrastructure tailored to SMEs, focusing on security, performance, redundancy, scalability, and ease of administration, while remaining as hardware-agnostic as possible. The approach combines technical measures (such as patch management, network segmentation, and the deployment of next-generation firewalls) with organizational controls and security awareness initiatives. The ultimate goal is to enable SMEs to achieve a significantly higher level of cyber resilience without requiring enterprise-scale resources.
