Unlicensed software, phishing, DDoS attacks or careless employees - small and medium-sized enterprises (SMEs) will be confronted with a multitude of cyber threats in 2023. Kaspersky experts have analyzed the top threats for SMEs in the new year and provide protection recommendations.
Half of the small and medium-sized companies in Germany were confronted with cyber attacks over the past year. Based on developments within the threat landscape in 2022, Kaspersky cybersecurity experts have identified risks and vulnerabilities that SMEs should be aware of this year:
1. Data Leaks by Employees
While cybersecurity levels have generally improved over the past two years, corporate devices are still often used for private purposes. Employees run the risk of unintentionally downloading various types of malware onto company devices, including Trojans, spyware, backdoors and adware, for example by downloading series or films from dubious sources. This allows attackers to penetrate corporate networks and steal sensitive information. Furthermore, only half of executives are certain [2] that former employees no longer have access to company data in the cloud or company accounts. Any unnecessary access to a system - be it a collaborative environment, work email or a virtual machine - increases the potential attack surface and provides an opportunity for unauthorized third parties to harvest data. Even a chat among colleagues about non-work-related topics could be used for social engineering attacks.
2. DDoS Attacks
Cyber criminals use DDoS attacks to paralyze the websites of organizations and companies in a wide variety of industries. Gaming companies and online shops are increasingly affected. Cyber criminals often demand money to stop the attack. However, because the payout amounts are often not very high, many DDoS attacks go unreported by companies.
3. Digital Supply Chain Attacks
In a digital supply chain attack, a company's service or program is compromised; the starting point for the attack is a provider or supplier of the company. Such attacks vary in complexity and the damage they inflict. For example, attackers have used ExPetr (also known as NotPetya) [3] in the past to compromise the automatic update system of the accounting software MEDoc and thereby distribute ransomware to all customers. If such an attack becomes known, it can have an enormous impact on the company's reputation: 76.4 percent of companies fear this in the event of a successful attack [4].
4. Malware
More than a quarter of medium-sized companies worldwide use pirated or unlicensed software to save costs [5]. However, if software is downloaded from unknown or illegitimate sources, it can contain malware and thus jeopardize a company's security. In general, companies are confronted with a variety of different malware: from cryptojacking clients and banking password stealers to ransomware and cookie stealers. One notorious example is Emotet [6], which steals bank data and targets organizations worldwide.
5. Social Engineering
Cyber criminals primarily target cloud services such as the Microsoft Office 365 suite with phishing, as these have been increasingly used since the pandemic. Using a variety of methods, scammers attempt to trick employees into entering their passwords on a webpage similar to Microsoft's login page, for example, or to trick business owners into offering credit or delivery services. To do this, they send emails with links to infected websites or fake, harmful accounting documents.
About Kaspersky
Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/