Region’s SMEs lack capability against complex cyberthreats

Photo by Dan Nelson

Small and medium businesses (SMBs) are among the many casualties of the pandemic. Aside from keeping their cash flow moving despite the multiple and recurring lockdown measures, this segment has also been a target of malicious criminals online.

Based on Kaspersky’s IT Security Economics 2020 survey, more than one-third (37%) of SMBs in Southeast Asia (SEA) admitted facing targeted attacks. This is four notches higher compared with the global average at 33%. In this research, SMBs are defined as companies with 50 to 999 employees.

Targeted attacks are some of the most dangerous risks to businesses’ systems. These are cyberattacks aimed at compromising a particular company or network. Typically, a targeted attack has several stages. This type of sophisticated threat is extremely difficult to detect because of its targeted nature.

“While many owners still think their humble businesses are far from cybercriminals’ radar, the insights from our survey disclosed a different picture. Most malicious actors are opportunists in nature. Big enterprises are more likely to have cutting-edge security measures leaving SMBs easy targets or what we call “low hanging fruits”, says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

“When successful, these attacks can be costly. On average, a successful attack against an SMB can cost 130K USD on average, which, considering the current situation, is a huge amount”.

The same study conducted last June with 5,266 IT business decision-makers from 31 countries revealed a loophole which calls for an urgent overhaul — more than half of SMBs in SEA (66%) admitted their lack of visibility of the infrastructure and their (64%) inability to detect serious threats among many alerts.

Aside from this, nearly seven in 10 (66%) of the respondents disclosed their lack of skilled technical staff to detect and respond to complex incidents. Almost two thirds (64%) also acknowledged their inability to properly respond and clean up after a sophisticated attack and some 58% cited that they yet to have sufficient insight and intelligence on the threats specifically faced by their businesses.

“It is clear that there are two areas this segment needs urgent help with — visibility against complex threats to identify even the most sophisticated attacks, and expertise to conduct investigation and intelligent incident response,” adds Yeo.