Over half a million cyberattacks against Philippine small and medium enterprises (SMEs) were thwarted by cybersecurity firm Kaspersky in just the first six months of 2022 alone.
Over that same period, Kaspersky noted that fraudsters launched over 11 million attacks against SMEs across the Southeast Asia (SEA) region.
SMEs are the lifeblood of expanding SEA economy, making up more than 90% of the region’s private firms. But as a result of the devastating effects of the pandemic, many people are turning to online shopping and other forms of digitalization in order to get back on their feet. Unfortunately, this has caught the attention of malicious hackers.
“SMEs here play a huge role in the economic growth of Southeast Asian countries and the region as a whole. The cost of a single data breach against an SMB is $74,000 in 2021, according to our latest report. We all know that this sector has been on its knees since the pandemic and with the wave of attacks cybercriminals are launching against them, we should find the balance of including cybersecurity into their limited budget to ensure a more sustainable recovery,” said Kaspersky SEA general manager Yeo Siang Tiong.
“Small business owners may think their companies are too insignificant to become a target for cybercriminals. There is a certain logic in that because attackers usually look for maximum profit from minimum effort. However, enterprises and government organizations should remember that SMBs are usually third-party suppliers to bigger companies and critical entities. This sector is part of a bigger chain and like dominoes, if a single password stealer can enter into a small enterprise’s systems, consider the entire chain compromised,” Yeo warned.
To keep safe, Kaspersky recommends the following points:
- When it comes to granting access to resources or services you should follow the least privilege principle. That is, an employee must have the minimum set of access rights — enough only to perform their tasks.
- Know exactly where your important information is stored, and who has access to it. From this, develop guidelines when hiring new employees, including clearly defining which accounts are needed for each employee, and which ones should be limited only to certain roles.
- Mature corporate cybersecurity culture helps to prevent many cyberthreats. You can, for example, start with creating a cybersecurity manual for employees so that everyone is on the same page. Here’s a good example for new employees.
- All passwords must be stored in a secure password manager. It will help your employees not to forget or lose them and also to minimize the chance that an outsider will get access to your accounts. Also, use two-factor authentication mechanisms wherever possible.
- Advise your employees to lock their computers when they walk away from the desk. They should keep in mind that an office can be visited by all kinds of third parties, including couriers, clients, subcontractors, or job seekers.
- Consider installing antivirus software in order to protect devices from viruses, trojans and other malicious programs.
