The number of cyber criminal infections experienced by the global small and medium business sector has risen by 5% over the first quarter of 2024, compared to the same period last year.
This is according to Kaspersky’s latest research, with figures also relevant to the Middle East, Turkey and Africa (META) regions.
The research showed that SMBs have become a soft target for cyber criminals owing to a lack of robust cyber security measures, limited cyber security resources and expertise.
Prior to announcing this latest research, Kaspersky shared the findings of a study it conducted at the end of 2023, which found that 76% of small businesses around the world and 88% in the META region experienced at least one cyber incident in the past two years.
This resulted in leaks of confidential data, reputational damage, loss of customer trust and more. Around 9% of small companies worldwide and in META had to suspend certain areas of their business operations.
Kaspersky identified weak passwords and infrequent password updates as major causes of cyber incidents, accounting for 24% globally and 20% in META, second only to malware downloads.
SMBs under attack
Kaspersky analysts cross-referenced selected applications, such as MS Office, MS Teams, Skype, and other programs used in the SMB space against Kaspersky Security Network (KSN) telemetry.
The research showed that the number of users who encountered malware and unwanted software hiding in, or mimicking software products was 2 402, with 4 110 unique files distributed under the guise of SMB-related software. This represents an 8% increase year-on-year and suggests an ongoing rise of attacker activity.
Trojans prevalent
Trojans remain the most prevalent form of attack, warns Kaspersky. Unlike self-replicating viruses, Trojans mimic legitimate software, making them especially hazardous.
From January to April 2024, Kaspersky recorded 100 465 Trojan attacks, representing a 7% increase on the same period in 2023, and 83 145 more attacks than the next highest threat measured.
Microsoft Excel has resumed its position as the number one channel of attack, moving from fourth to first place between 2023 and 2024. Microsoft Word was in second place, while Microsoft PowerPoint and Salesforce were the third most targeted applications.
Vasily Kolesnikov, a cyber security expert at Kaspersky, said: “Our intelligence reveals that human error, often due to poor cyber security awareness, remains a significant vulnerability for SMBs. In addition, the ubiquitous use of Microsoft Excel in office environments provides fertile ground for cyber criminals who can hide and manipulate malicious data in large datasets that are then widely shared across a business.”
Kolesnikov says SMBs are part of a vast, interconnected ecosystem, making them targets for cyber criminals. He advises SMBs to establish clear access policies and regularly remind staff about basic cyber security practices.
Kaspersky recommends using EDR and XDR, strong passwords, multi-factor authentication, and setting access policies for corporate assets like e-mail, shared folders, and online documents.
Share