Cybersecurity can be a difficult and sometimes unnecessary task for small business owners.
Cybercriminals are exploiting this ignorance for IT security. Kaspersky researchers analyzed the dynamics of attacks against small and medium-sized companies between January and April 2022, and the same period in 2021 to determine which threats are increasing the risk to entrepreneurs.
In 2022, the number of Trojan-PSW (password-stealing ware) detections in Kenya increased by 16% when compared to the same period in 2021 – 12 639 detections in 2022 compared to 10 934 in 2021. Trojan-PSW is malware that steals passwords along with other account information. Once this information is stolen, it allows attackers access to the corporate network to steal sensitive information.
Another popular attack tool used on small businesses in Kenya is internet attacks, specifically, web pages with redirects to exploits, sites containing exploits and other malicious programs, botnet C&C centres, etc. These attacks increased in number by 47%. Kaspersky researchers found 130 111 infections during the first four month of 2022, compared to 88 455 in 2021.
Remote desktop protocol (RDP), which allows computers to be connected on the same network and accessed remotely even though employees are away, has been adopted by many companies.
Although the number of attacks against RDP in Kenya has declined slightly, this threat remains a problem globally. In the United States, for example, there were approximately 47.5 million attacks during the first quarter of 2021, while 51 million occurred in the same time period in 2022.
IT administrators have a handy tool to help them analyze incidents. They will be better able to identify and fix any leaks if they can do it quickly.
What about small businesses, though?
Even small businesses have limited IT resources, they still need to secure all their devices from cyberthreats, including mobile phones.
“With the shift to remote working and the introduction of numerous advanced technologies in the daily operations of even small companies, security measures need to evolve to support these sophisticated setups. Cybercriminals are already way ahead of the curve, so much so that virtually every organisation will experience a breach attempt at some point,” comments Denis Parinov, security researcher at Kaspersky.
“For small companies today, it’s not a matter of whether a cybersecurity incident will happen but when. Having trained staff and an educated IT-specialist is no longer a luxury but a must-have part of your business development.”
To protect your business, Kaspersky recommends:
- Your staff should be trained in cybersecurity hygiene. Many targeted attacks begin with phishing and other social engineering techniques.
- Use a protection solution that protects mail servers and endpoints with anti-phishing capabilities in order to reduce the risk of being infected by phishing emails.
- taking key data protection measures. Protect corporate data and devices by using password protection, encryption work devices, and backing up data.
- keeping work devices physically safe – do not leave them unattended in public, always lock them and use strong passwords and encryption software.