In recognition of International
SMB Day as established by the United Nations, Kaspersky unveils
a comprehensive report highlighting
the increasing peril faced by small and medium-sized businesses (SMBs) in the
current cyberthreat landscape. With SMBs making up a remarkable 90 percent of
all businesses globally and contributing to
50 percent of the world's gross domestic product, there is increasing urgency
for stronger cybersecurity measures to protect these economic powerhouses.
The latest Kaspersky Threats to SMB report exposed an
ongoing and troubling reality as cybercriminals continue to target SMBs with a
range of sophisticated tactics. It showed the number of SMB employees
encountering malware or unwanted software disguised as legitimate business
applications has remained relatively steady year-on-year (2,478 in 2023
compared to 2,572 in 2022), and cybercriminals are persisting in their efforts
to infiltrate these businesses.
Cyber criminals employ a multitude of methods including
exploiting vulnerabilities, employing phishing emails, deceptive text messages,
and even utilize seemingly harmless YouTube links, all with the aim of gaining
unauthorized access to sensitive data. This concerning trend underscores the
urgent need for enhanced cybersecurity measures to safeguard SMBs from the
relentless onslaught of cyber threats. The report reveals that the total number
of detections of these malicious files aimed at SMBs during the first five
months in 2023 reached 764,015.
Exploits were the most prevalent threat to SMBs accounting
for 63 percent (483,980) of all detections during the first five months of
2023. These malicious programs target software vulnerabilities, permitting
cybercriminals to run malware, elevate their privileges, or disrupt critical
applications without any user interaction.
Phishing and scam threats also pose a significant
risk to SMBs, with cybercriminals adeptly tricking employees into divulging
confidential information or falling victim to financial scams. Examples of
such deceptive tactics include fake banking, delivery, and credit service pages
designed to deceive unsuspecting individuals.
Moreover, the Kaspersky report draws attention to a
frequently utilized method for infiltrating employees' smartphones, referred to
as "smishing,"
a clever combination of SMS and phishing. This technique involves the victim
receiving a text message with a link, distributed through various platforms
like SMS, WhatsApp, Facebook Messenger, WeChat, and others. If the unsuspecting
user clicks on the embedded link, their device becomes vulnerable to the upload
of malicious code, compromising its security.
The data used in this report was collected from January to
May 2023 via Kaspersky Security Network (KSN), a secure system for processing
anonymized cyberthreat-related data voluntarily shared by Kaspersky users.
Kaspersky experts examined the most widely used software used by SMBs
worldwide, including MS Office, MS Teams, Skype, and others. By
cross-referencing this software against KSN telemetry, the researchers
determined the extent of malware and unwanted software distributed under the
guise of these applications.
"The vulnerabilities faced by SMBs are not to be
underestimated," said Vasily Kolesnikov, a security expert at
Kaspersky. "As these businesses are the backbone of most countries'
economies, it is crucial that governments and organizations alike step up their
efforts to safeguard these enterprises. Awareness and investment in robust
cybersecurity solutions must become a top priority to protect SMBs from
evolving cyber threats."
To read the full report and learn more about the
cyberthreats facing SMBs, please visit Securelist.