Kaspersky’s recent data analysis reveals that small and medium-sized businesses (SMBs) in Malaysia face a growing cybersecurity threat, with 290 employees encountering malware or unwanted software disguised as legitimate business applications in the first half of 2023. Despite SMBs constituting 97.4% of Malaysia’s business establishments and contributing significantly to the country’s GDP and employment, the report underscores the need for enhanced cybersecurity awareness and protection among these businesses.
20 September 2023 – Small and medium-sized businesses (SMBs) continue to play a pivotal role in Malaysia’s economic landscape, representing 97.4% of the nation’s business establishments. Their substantial contributions include 38.4% to Malaysia’s Gross Domestic Product (GDP) and employment for 42.8% of the local workforce. However, Kaspersky’s latest data analysis highlights the growing vulnerability of Malaysian SMBs to cybersecurity threats, despite their economic significance.
In the first half of 2023, Kaspersky’s research uncovered that 290 employees of SMBs in Malaysia encountered malware or unwanted software cleverly disguised as legitimate business applications. These deceptive incidents involved 193 unique files distributed under the guise of essential tools. The alarming total number of detections reached 2,184.
Malware, an umbrella term encompassing “malicious software,” is engineered by professional cybercriminals to inflict harm upon users’ devices or networks. It encompasses various cyber threats, including Trojans and viruses (with ransomware falling under the malware category). Malware attacks can be crippling for small businesses, often resulting in costly repairs or device replacements. Moreover, malware grants attackers unauthorized access to systems, paving the way for data theft and endangering both customers and employees.
The statistics presented in this report were meticulously collected by the Kaspersky Security Network (KSN), a system that processes anonymized data related to cyber threats. This data is voluntarily shared by Kaspersky users and provides valuable insights into the evolving cybersecurity landscape. To assess the specific threats facing the SMB sector, Kaspersky’s experts compiled a list of the most commonly used software products among SMB owners globally. This list included popular applications like Microsoft Office, Microsoft Teams, Skype, and others prevalent in the SMB sector. Subsequently, Kaspersky’s team scrutinized KSN telemetry data to quantify the distribution of malware and unwanted software disguised as these legitimate applications.
Yeo Siang Tiong, General Manager of Southeast Asia at Kaspersky, emphasized the pressing need for vigilance among SMBs, asserting that “cybercriminals target SMBs with all types of threats.” These threats range from malware posing as business software to sophisticated phishing schemes and email scams. He stressed that businesses, regardless of their size, must remain vigilant, as a single cyberattack can lead to severe financial and reputational damage.
CyberSecurity Malaysia reported receiving 3,327 cyber incident reports as of July 2023, with 62% of these reports centering on fraud. Yeo added, “While our data shows that cybercriminals remain active during the first half of the year, we do not advise SMBs to lower their guard.” Acknowledging the cybersecurity awareness gap among Malaysian SMBs, Yeo underscored the necessity of a multi-stakeholder approach to combat cybercrime effectively.
To safeguard businesses against the evolving cyber threat landscape, Kaspersky recommends the following measures:
- Cybersecurity Training: Provide staff with basic cybersecurity training, including recognizing phishing emails.
- Microsoft 365 Protection: If using Microsoft 365, employ Kaspersky Security for Microsoft Office 365 to combat spam, phishing, and protect collaborative platforms like SharePoint, Teams, and OneDrive.
- Access Control Policies: Implement policies to control access to corporate assets, and regularly update them.
- Data Backups: Maintain regular backups of essential data to ensure information remains secure during emergencies.
- Guidelines on External Services: Provide clear guidelines on the use of external services and resources.
- Strong Passwords and Multi-Factor Authentication: Encourage employees to use strong passwords and enable multi-factor authentication where applicable.
- Professional Services: Utilize professional cybersecurity services to maximize protection.
- Endpoint Security Solutions: Implement security solutions for endpoints to minimize infection risks.
- Comprehensive Defensive Concepts: Develop a holistic defensive concept against sophisticated cyberattacks.
Moreover, Kaspersky in Southeast Asia has introduced a Buy 1 Free 1 promotion for local SMBs, offering two years of enterprise-grade endpoint protection for the price of one with Kaspersky Endpoint Security for Business or Cloud or Kaspersky Endpoint Detection and Response Optimum, along with 24×7 phone support.