Cyberthreats to SMBs in APAC: Part-2 The Looming Cyberthreats to SMBs

Published On : 2021-07-03

By Mihir Bagwe, CISO Mag

In the first part of this series, we saw why small and medium businesses (SMBs) are the backbone of modern economies and hold the lion’s share in the majority of APAC’s GDP. But the pandemic has impacted the growth of SMBs, and owners today have to re-strategize their businesses and operations. This has become the catalyst for rapid digital transformation. However, with the pros come some cons, and digital risk tops the list. So, let us discuss the challenges SMBs face from threats in the digital world.

Let’s take a dive into some of the latest facts and figures related to cyberthreats and attacks aimed at SMBs.

The Numbers Game

As per a global small businesses survey, almost 25% of small businesses feel that their cybersecurity protection is inadequate.

A PwC survey stated that of the total number of reported cyberattacks that took place in the APAC region during the last year, 75% of them were specifically targeted at SMBs.

57% of SMBs sustained cyberattacks in the past 24 months, with 76% of them suffering more than one attack.

44% of the SMBs reported a data breach in the past 24 months.

Nearly 60% of the data breaches reported by SMBs in the developed markets of Australia, New Zealand, and Singapore were due to third parties.

The average detection time of a cyberattack in APAC is 54 days.

As per Cisco’s “2020 CISO Benchmark Study,” 46% of SMBs with < 1k employees had 5-16 hours of breach-related downtime.

83% of data breaches against SMBs are financially motivated.

52% of the SMBs surveyed in APAC for the “SMB State of Cybersecurity” report agreed that they lack the in-house skills necessary to properly deal with security issues.

Since the beginning of the pandemic, 86% of SMBs now place cybersecurity within the top five priorities of their organization.

As per an Infrascale report, globally 83% of the SMBs felt they were prepared for a ransomware attack. However, 46% have been targeted successfully, and a staggering 73% have made ransom payments.

Of the above, 43% of SMBs paid a ransom of between $10,000 and $50,000, and 13% said they were forced to pay more than $100,000.

In APAC, more than 30% of SMBs suffered damages of between $50,000 and $250,000, while another 9% sustained damages of more than $1 million.

Reportedly, 22% of SMBs switched to remote work without having a foolproof cybersecurity threat prevention plan in place.

These numbers certainly suggest that the cyberthreat landscape for SMBs is growing alarmingly and is very concerning, to say the least. But what are the exact threats? How do they intrude on the networks in the first place? How much bearing does it have on your pocket? Let us dig deeper.

Cyberthreats to be wary of

The end goal of a cyberattack is to steal and exploit the customer, employee, or financial data, or the intellectual property, of the targeted business. But there is an order to this chaos. Notably, SMBs are at a higher risk of the following threats in the immediate future:

Our Old Nemesis – Malware

Malware is malicious code or software specifically designed to damage, disrupt, steal, or in general inflict some other “bad” or illegitimate action on the data, hosts, or networks into which it is injected. It is regarded as a top threat because, in general, 70% of Asia Pacific’s SMBs have experienced an incident of an exploit or malware evading the intrusion detection system they had adopted.

How to Avoid Malware Damages?

The National Cyber Security Centre’s “Small Business Guide for Cybersecurity,” suggests that SMBs should adopt a “defense-in-depth” approach. This means using a layered defense mechanism that has several mitigation steps at each layer. However, it notes that the most important mechanism that SMBs need to have in this case is a real-time digital risk assessment and protection mechanism or platform. Smaller businesses need to proactively keep track of their digital footprint for validating attack surfaces, vulnerable systems, and data leaks. The quicker they can detect their threats, the better armed they are to plug the gaps and deflect them.

The New Cartel in the Digital Space – Ransomware

As per a “Beazley Breach Report 2020”, 62% of ransomware attacks were targeted at small businesses. This is a stark reminder to the people who believe in the myth that “ransomware gangs only go after larger companies since SMBs do not offer anything valuable to them.” Now let’s figure this out. Like the big players, SMBs also store data, which includes credit card numbers, protected health information (PHI), personally identifiable information (PII) and even biometric data in some cases. For cybercriminals, this is equivalent in value to GOLD. They can pilfer and use this data to take out loans, steal identities, make wire transfers and complete other scams.

Another reason why ransomware is a serious threat, particularly to SMBs, is that this type of attack can mean the end of the road for a small business. One example of an SMB calling it a day due to a ransomware attack is the Heritage Company. It was asked to pay up if it wanted to get its systems back online. After weighing its options, the Arkansas-based telemarketing firm paid the ransom. But that did not end the nightmare. Its system had been trashed, and two months later it still failed to recover its data. The company restructured to stop the bleeding, but to no avail. Eventually, it was forced to shut down as it could not take any more financial drain.

How to stop ransomware in its tracks?

Follow these four easy steps:

  1. Install quality endpoint protection which includes web and email protection.
  2. Take regular offline backups to make sure all key data can be reliably restored.
  3. Train your employees to spot the latest forms of ransomware delivery.
  4. Install a real-time tracking solution that can monitor your employees’ credentials, customer PII, and other critical data on the open and darker side of the internet – the hackers’ forums, dark web, and bin sites.

The Regulars – Phishing and Business Email Compromise

In the Asia Pacific, phishing remains one of the top three cyberattack types suffered by SMBs. One in every three SMBs has reported facing this attack in the past year.

Over the course of the ongoing pandemic, phishing scams have only seen an uptick. In the initial days, they leveraged COVID-19 testing and the associated anxiety, and now vaccine-related phishing scams are bursting through the roof.

Another popular type of attack that scammers have been successfully adopting in recent years is business email compromise (BEC). In a BEC attack, cybercriminals first steal legitimate business email account credentials, which are later used to launch financial fraud campaigns like fraudulent email messages, requests for out-of-channel funds/wire transfers, and deleted accounting trails. More recently, BEC attacks have seen scammers posing as HR specialists recommending vaccines to their employees and exploiting the emotions of their victims.

Both phishing and business email compromise attacks are now becoming more sophisticated, persuasive, and targeted, and are very well disguised. They will keep coming at you no matter what. Because the weakest link in your business security is…YOU! To mitigate the human threat, we need to work on changing cyber user behavior.

How to Prevent a Compromise through a Phishing Email?

Follow these steps:

  • Train your employees to identify phishing emails. ALL of them!
  • Run periodic phishing simulations to test their vigilance and keep them better prepared.
  • Keep repeating the first two steps again, and again… and again.
  • Consider incentivizing employees who act responsibly and report phishing attacks.
  • Counsel those who repeatedly fail or ignore internal phishing drills.

Proliferation of mobile, IoT and BYOD devices

Since the onset of the pandemic, mobile and BYOD (bring your own device) devices have been deemed saviors for business continuity. Relatively recent developments such as Internet of Things (IoT) devices, biometrics, and the use of personal mobile devices for work have been quickly and broadly adopted by SMBs. However, these new endpoints and revolutionary technologies such as IoT appear to be one of the major factors driving these cyberattacks towards SMBs. Why? Because security technologies and practices tend to lag in these areas.

Companies may be aware of this, yet many feel helpless. In APAC, the most vulnerable endpoints in an SMB’s operational ecosystem were identified as desktop and laptop computers (44%), with an equal weightage given to web servers (44%). These numbers suggest that SMBs are aware of their weak links. However, it is alarming to note that only 53% of SMBs have antivirus solutions in place.

Mobile devices, IoT, and BYOD are currently the weakest link for not just SMBs, but businesses of all sizes. But the scale tilts further for small businesses because their entire business ecosystem is thriving on these devices.

So, how to keep your devices protected?

Follow this simple three-step process:

  1. Use a strong password and multi-factor authentication.
  2. Have antivirus or anti-malware software installed on all your mobile devices.
  3. Update all devices with the latest security patches and software versions.

The attack surface for SMBs is growing at an unprecedented rate as newer IoT devices and technologies keep taking center stage. It is now becoming increasingly difficult to track and keep an account of your entire digital footprint, more so because of the resource crunch (both money and manpower) that the majority of SMBs are currently facing. To address this issue and keep track of your entire digital footprint, you may take help from an able hand like CYFIRMA’s DeTCT.

CYFIRMA’s DeTCT can uncover the digital risk profiles of SMBs and help them detect the following:

  1. Potential attack surfaces, including forgotten systems and applications through which hackers can find their way in.
  2. Fake identities of your business executives – these can be fake social media profiles or fake email IDs. These are signs of potential phishing campaigns where threat actors can impersonate persons of authority to trick other employees or even potential clients into clicking malicious emails.
  3. Look-alike domains and websites – created to deceive users into believing fake content or divulging personal/financial information.
  4. Your IP addresses, employee credentials, and customer personally identifiable information being mentioned in or dumped on underground forums, the dark web, and bin sites. This means threat actors have found a way to breach your defenses and have exfiltrated important data.
  5. Vulnerabilities in your systems, software, and applications which, if left undetected and unattended, would leave the door wide open for hackers.


Stay tuned for Part-3: The Cyber-Readiness Gap