Kaspersky Report: Ongoing Cyber Threats to Malaysian SMBs

Small and medium businesses (SMBs) remain to be the backbone of Malaysia. In fact, 97.4% of the country’s business establishments belong to this sector and contribute 38.4% of Malaysia’s gross domestic product (GDP) and 42.8% to local employment.
Kaspersky’s latest data shows that SMBs here are not spared from cybersecurity threats.

In the first half of 2023, 290 SMB employees encountered malware or unwanted software disguised as business applications, with 193 unique files distributed this way. The total number of detections of these files was 2,184.

Malware, an umbrella term for “malicious software”, is designed by and for professional cybercriminals to cause harm to a user’s device or network. It encompasses a variety of cyber threats such as Trojans and viruses (ransomware is a form of malware). Malware attacks are destructive to small businesses as they can cripple devices requiring expensive repairs or replacement. Malware also give attackers a back door to access and steal data, putting both customers and employees at risk.

Comparison data for SMB in Malaysia H1 2022 versus H1 2023
(unique files – malware detected and blocked by Kaspersky solution, unique hits – number of times cybercriminals attempted to attack, unique users – users of Kaspersky solution)

The statistics used in this report were collected by Kaspersky Security Network (KSN), a system for processing anonymized cyberthreat-related data shared voluntarily by Kaspersky users. To assess the threat landscape for the SMB sector, Kaspersky experts collected the names of the most popular software products used by its clients who owned small or medium-sized businesses around the world. The final list of the software includes MS Office, MS Teams, Skype and others used by the SMB sector. The Kaspersky team then ran these software names against Kaspersky Security Network (KSN) telemetry to find out how much malware and unwanted software was distributed under the guise of these applications.

“As cybercriminals target SMBs with all types of threats — from malware disguised as business software to elaborate phishing and e-mail scams — businesses need to stay on high alert. This is critical, because a single cyberattack can lead to catastrophic financial and reputational loss for a company, regardless of its size,” says Yeo Siang Tiong, General Manager of Southeast Asia at Kaspersky.

CyberSecurity Malaysia received 3,327 cyber incident reports as of July 2023, with 62% focused on fraud.

“While the data gathered by our analysts shows that the cybercriminals are active during the first half of the year and the trend seems the same for both 2022 and 2023, we do not encourage SMBs to put their guards down. CyberSecurity Malaysia shared recently that Malaysian SMBs lack sufficient cybersecurity awareness and acceptance in their businesses to deal with the growth of technology. So, for us at Kaspersky, we encourage SMB owners to seek help when they need it because cybercrime is a societal issue that needs a multi-stakeholder approach,” adds Yeo.

To keep your business protected from cyber threats, we recommend the following:

• Provide your staff with basic cybersecurity hygiene training. Conduct a simulated phishing attack to ensure that they know how to recognize phishing e-mails.
• If you are a Microsoft 365 user, remember to protect that too. Kaspersky Security for Microsoft Office 365 includes dedicated apps that target spam and phishing, and protect SharePoint, Teams and OneDrive for secure business communications.
• Set up a policy to control access to corporate assets, such as e-mail boxes, shared folders and online documents. Keep it up to date and remove access if the employee has left the company or no longer needs the data. Use cloud access security broker software that can help manage and monitor employees’ cloud activity and enforce security policies.
• Make regular backups of essential data to ensure that corporate information stays safe in an emergency.
• Provide clear guidelines on the use of external services and resources. Employees should know which tools they should or should not use and why. Any new work software should go through a clearly outlined approval process by IT and other responsible roles.
• Encourage employees to create strong passwords for all digital services they use and to protect accounts with multi-factor authentication wherever applicable.
• Use professional services to help you get the most out of your cybersecurity resources. The new Kaspersky Professional Services Packages for SMB provides access to Kaspersky’s expertise on assessment, deployment and configuration: all you need to do is add the package to the contract, and our experts will do the rest.
• Use a security solution for endpoints, such as Kaspersky Endpoint Security for Business or Cloud-Based Endpoint Security, to minimize the chances of infection.
• Have a comprehensive defensive concept that equips, informs and guides your team in their fight against the most sophisticated and targeted cyberattacks like the Kaspersky Extended Detection and Response (XDR) platform.

For local SMBs, Kaspersky in Southeast Asia also has launched a Buy 1 Free 1 promo which allows businesses to enjoy two years of enterprise-grade endpoint protection for the price of 1 with Kaspersky Endpoint Security for Business or Cloud or Kaspersky Endpoint Detection and Response Optimum, with 24×7 phone support.