Cybercriminals continue to target small and mid-sized businesses (SMBs) as they spread malware disguised as business software.
In the first half of 2023, Kaspersky reported a 325.58% jump in attempts to attack SMB clients in the Philippines compared to last year.
The SMB Threat Statistics from the Kaspersky Network Security (KSN) telemetry gathered figures in this sector from six countries in Southeast Asia, including the Philippines. KSN is a system for processing anonymized cyberthreat-related data shared voluntarily by Kaspersky users.
Kaspersky data disclosed about 1,847 unique hits against Kaspersky’s SMB clients in the country were detected and blocked from January to June 2023, a far cry from only 434 from January to June 2022. A unique hit is the number of times that cybercriminals attempted to attack.
According to Kaspersky’s data, MS Office, MS Teams, and Skype are among the most commonly used software products by their clients who own small and medium-sized businesses worldwide. To determine the amount of malware and unwanted software distributed under the guise of these business applications, Kaspersky ran these software names against the KSN telemetry.
In the first half of 2023, 196 SMB Kaspersky client employees in the Philippines encountered malware or unwanted software posing as real business apps – up from 76 in the same period last year.
“It’s always easy—and popular— to think that your business is too small to be a target. Whatever business you’re in, as long as you’re using at least a computer or a mobile device that’s connected to the internet, you’re vulnerable to a cyber incident,” said Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
To keep your business protected from cyberthreats, we recommend the following measures:
- Provide your staff with basic cybersecurity hygiene training. Conduct a simulated phishing attack to ensure they know how to recognize phishing emails.
- If you are a Microsoft 365 user, remember to protect that too. Kaspersky Security for Microsoft Office 365 includes dedicated apps that target spam and phishing and protect SharePoint, Teams, and OneDrive for secure business communications.
- Set up a policy to control access to corporate assets, such as email boxes, shared folders, and online documents. Keep it up to date and remove access if the employee has left the company or no longer needs the data. Use cloud access security broker software to help manage and monitor employees’ cloud activity and enforce security policies.
- Make regular backups of essential data to ensure corporate information stays safe in an emergency.
- Provide clear guidelines on the use of external services and resources. Employees should know which tools they should or should not use and why. Any new work software should go through a clearly outlined approval process by IT and other responsible roles.
- Encourage employees to create strong passwords for all digital services and protect accounts with multi-factor authentication wherever applicable.
- Use professional services to help you get the most out of your cybersecurity resources. The new Kaspersky Professional Services Packages for SMBs provide access to Kaspersky’s expertise in assessment, deployment, and configuration: all you need to do is add the package to the contract, and our experts will do the rest.
- Use a security solution for endpoints, such as Kaspersky Endpoint Security for Business or Cloud-Based Endpoint Security, to minimize the chances of infection.
- Have a comprehensive defensive concept that equips, informs, and guides your team against the most sophisticated and targeted cyberattacks like the Kaspersky Extended Detection and Response (XDR) platform.
For local SMBs, Kaspersky in Southeast Asia also has launched a Buy 1 Free 1 promo, which allows businesses to enjoy two years of enterprise-grade endpoint protection for the price of 1 with Kaspersky Endpoint Security for Business or Cloud or Kaspersky Endpoint Detection and Response Optimum, with 24×7 phone support. Interested customers can reach out to firstname.lastname@example.org.