The World Trade Organisation estimates that SMEs represent more than 90% of all businesses worldwide, and, according to Kaspersky, a cyber security incident is one of the most challenging types of crises a small business could face.
Experts from Kaspersky analysed the weak points SMBs may have and outlined some major cyberthreats that entrepreneurs should be aware of and seek to address.
- Data leaks caused by employees
There are different ways a company’s data may be leaked – and, in certain cases, it might happen involuntarily. During the pandemic, many remote workers used corporate computers for entertainment purposes.
Kaspersky says the trend is here to stay, and while during 2020, 46% of employees had never worked remotely before, now two-thirds of them state they wouldn’t go back to the office, with the rest claiming to have a shorter office work week.
- DDoS attacks
Kaspersky notes that many DDoS attacks go unreported, because the payout amounts are often relatively small.
- Supply chain
Being attacked through a supply chain typically means a service or program that an organisation has been using for some time has been adapted to be malicious. These are attacks delivered through the company’s vendors or suppliers – the examples can include financial institutions, logistics partners, or even a food delivery service. And such actions may vary in its complexity or destructiveness.
- Malware – encryptors
More than a quarter of SMEs opt for pirated, or unlicensed software which could include malicious or unwanted files that may exploit corporate computers and networks. Kasprsky says the most common emerging malware threats are encryptors, which seek a company’s data, money, or even personal information of its owners.
- Social engineering
It’s well-established that as a result of the pandemic, many companies have moved much of their workflows online and increased use of new collaboration tools. In particular, Microsoft’s Office 365 suite has seen a lot more use; as a result, phishing now increasingly targets those user accounts. Scammers have been trying many different methods to get business users to enter their account access details on a website made to look like Microsoft’s sign-in page.
Kaspersky has uncovered many new ways that phishing scammers are using to try to fool potential victims, for example, some are mimicking loan or delivery services – sharing false websites or sending emails with fake accounting documents.
A recent survey by Kaspersky showed that 41% of SMEs have a crisis prevention plan and do care about cybersecurity. It also indicates that these companies understand how challenging IT security incident remediation can be and tends to indicate that they will be looking to implement reliable protective measures.
