In the lead-up to International SMB Day, established by the United Nations, Kaspersky has unveiled a comprehensive report highlighting the increasing peril faced by small and medium-sized businesses (SMBs) in the current cyberthreat landscape. As SMBs comprise a remarkable 90 percent of all businesses globally and contribute to 50 percent of the world’s gross domestic product, according to United Nations data, there is increasing urgency for stronger cybersecurity measures to protect these economic powerhouses.
The latest Kaspersky Threats to SMB report exposed an ongoing and troubling reality as cybercriminals continue to target SMBs with a range of sophisticated tactics. It showed the number of SMB employees encountering malware or unwanted software disguised as legitimate business applications has remained relatively steady year-on-year (2,478 in 2023 compared to 2,572 in 2022), and cybercriminals are persisting in their efforts to infiltrate these businesses.
The fraudsters employ a multitude of methods, including exploiting vulnerabilities, sending phishing emails and deceptive text messages, and even using seemingly harmless YouTube links, all with the aim of gaining unauthorized access to sensitive data. This concerning trend underscores the urgent need for enhanced cybersecurity measures to safeguard SMBs from the relentless onslaught of cyber threats. The report reveals that the total number of detections of these malicious files aimed at SMBs during the first five months of 2023 reached 764,015.
Exploits were the most prevalent threat to SMBs, accounting for 63 percent (483,980) of all detections during the first five months of 2023. These malicious programs target software vulnerabilities, permitting cybercriminals to run malware, elevate their privileges, or disrupt critical applications without any user interaction.
Phishing and scam threats also pose a significant risk to SMBs, with cybercriminals adeptly tricking employees into divulging confidential information or falling victim to financial scams. Examples of such deceptive tactics include fake banking, delivery, and credit service pages designed to deceive unsuspecting individuals.
Moreover, the Kaspersky report draws attention to a frequently utilized method for infiltrating employees’ smartphones, referred to as “smishing” – a combination of SMS and phishing. In this technique, the victim receives a text message containing a link, distributed through platforms such as SMS, WhatsApp, Facebook Messenger, WeChat, and others. If the unsuspecting user clicks on the embedded link, malicious code can be uploaded to their device, compromising its security.
The data used in this report was collected from January to May 2023 via Kaspersky Security Network (KSN), a secure system for processing anonymized cyberthreat-related data voluntarily shared by Kaspersky users. Kaspersky experts scrutinized the software most widely used by SMBs worldwide, including MS Office, MS Teams, Skype, and others. By cross-referencing this software against KSN telemetry, the researchers determined the extent of malware and unwanted software distributed under the guise of these applications.
“The vulnerabilities faced by SMBs are not to be underestimated. As these businesses are the backbone of most countries’ economies, it is crucial that governments and organizations alike step up their efforts to safeguard these enterprises. Awareness and investment in robust cybersecurity solutions must become a top priority to protect SMBs from evolving cyber threats,” comments Vasily Kolesnikov, a security expert at Kaspersky.