Workflow logo
Post Job Now
Home / Resources / Blog /Cybercriminals Are Targeting SMEs, Here’s Why
Cybercriminals Are Targeting SMEs, Here’s Why
# Working Wisdom# Human Resources# Employer

Cybercriminals Are Targeting SMEs, Here’s Why

Mohamad Danial bin Ab. Khalil
by Mohamad Danial bin Ab. Khalil
Sep 05, 2021 at 12:41 AM

Are You Hiring?

Find candidates in 72 Hours with 5+ million talents in Maukerja Malaysia & Ricebowl using Instant Job Ads.

Hire Now
A Job Thing Logo

Even before the pandemic began, cybercrime has always been a problem for businesses. Though there is a spike in ransomware and phishing emails during the pandemic, cyber threats were already growing and targeting several entry points and weaknesses in organisations. 

Interpol's ASEAN Cyberthreat Assessment 2021 report said that the top cyber threats in ASEAN are:

  • Business email compromise,

  • Ransomware,

  • Phishing,

  • e-Commerce data interception, and

  • Cyberscams.

Remote working allows cybercriminals to carry out more targeted attacks. Successful targeted attacks are disrupting the supply chain, such as the recent JBS and Colonial Pipeline attacks.

Juan Huat Koo, Cisco's ASEAN Security Leader, said that hackers would not target an organisation heavily fortified with security. They would go after the supply chain partners, which would affect the entire organisation too. Going through the trusted channels makes it easier for them to infiltrate companies. 

 

How remote working affects security

Companies can no longer protect all their remote workers. There are risks of remote working that organisations cannot easily address, such as:

  • Unsecured network, and

  • Staff using their own devices for work.

Cisco Security Outcomes Study: Endpoint Edition said that 3 out of 4 top countries with the highest percentage of companies reporting a significant cybersecurity incident in the past two years were from Asia:

  • Thailand (66%),

  • China (59%), and

  • India (55%).

Juan explained that evolving markets such as Thailand and Malaysia are giving cybercriminals opportunities. The switch to remote work and digitalisation open up avenues for cybercriminals. 

As the pandemic still hits many countries, more businesses are investing in cybersecurity. While some companies have returned to their offices, they now have to refresh their systems and find ways to prioritise processes. For instance, should they focus on fixing their dormant systems on-premises or improving the services for the remote staff?

Laptop security
Remote working could lead to security breaches by cybercriminals.

SMEs are only a stepping stone

Kerry Singleton, Cisco's cybersecurity expert, said that many small and medium enterprises (SMEs) are part of the supply chain for larger businesses. 

Cybercriminals often target them because of the lower security. The endgame for them is to go through SMEs to reach larger companies. Since cyberattacks on SMEs are increasing, these businesses must upgrade their cybersecurity, given their effect on the supply chain.

Kerry also said that SMEs play a crucial role for large enterprises. For instance, an SME could run a specific service for a large financial service company. That SME would have access to many data sets from the financial company, though they do not have robust cybersecurity.

If cybercriminals could steal the data from the network, there will be severe implications to the company that shared the data with the SME. 

Some SMEs play a critical role in the supply chain for larger organisations. Both companies would trust each other, but they would not realise that the breach came from an SME until it happens.  

Juan said that companies must know what happens in the infrastructure and the environment when establishing trust with their partners and supply chain. They should never assume everything is safe and install a zero-trust framework that questions everything and checks every entry into the system. 

 

A collective effort

Companies usually take about 100 days to detect any threat. By then, cybercriminals would have already done the damage. Kerry and Juan believe that companies should look into the zero-trust framework, especially with remote working becoming the new normal. 

Kerry said that knowledge sharing and collaboration are crucial to ensure threats are detected and dealt with. For instance, Singapore, Australia and the US are sharing breach information.

Companies must use the information correctly and work the collaboration into their businesses. 

 

According to Juan, Cisco has done MOUs with Malaysia and Singapore to share threat intelligence, which is crucial to stop threats from coming into ASEAN.

Source: Techwire Asia

Articles that might interest you 
What You Need to Know About Program Subsidi Upah (PSU) 4.0
Latest Dine-in SOPs for Phase One of the NRP
KPDNHEP Allows Further Relaxation to More Sub-Sectors

Search
Categories
© Copyright Agensi Pekerjaan Ajobthing Sdn Bhd SSM (1036935K) EA License Number JTKSM 232C Terms & Condition Privacy & Policy About Us