Home Tech Updates Trojan cyber attacks hit SMEs harder than ever

Trojan cyber attacks hit SMEs harder than ever

by Helen J. Wolf
0 comment

When a small business owner is faced with the responsibilities of manufacturing economics, financial reporting, and marketing simultaneously, cybersecurity can often seem complicated and unnecessary. However, this disregard for IT security is being exploited by cybercriminals.

Kaspersky researchers assessed the dynamics of attacks on small and medium-sized businesses between January and April 2022 and the same period in 2021 to determine which threats pose an increasing threat to entrepreneurs.

By 2021, small businesses were three times more likely to be victims of fraud than larger companies. The average loss from a single cyber attack has exploded from $34,000 to just under $200,000.

Trojan cyber attacks hit SMEs harder than ever

In addition to financial blows, these companies faced legal fees, compliance fines, reputational damage, and loss of customers.

The researchers also found that the total number of attacks has increased significantly.

For example, in 2022, the number of Trojan-PSW (Password Stealing Ware) detections increased by almost a quarter compared to the same period in 2021 to 4,003,323 from 3,029,903.

Trojan-PSW is a malware that steals passwords and other account information, allowing attackers to access the corporate network and steal sensitive information.

Another top attack uses Remote Desktop Protocol (RDP) technology. With the shift to remote working, many companies have introduced RDP, which allows computers on the same corporate network to be linked and accessed remotely, even when employees are at home.

Despite the normality of such technology, it jeopardizes the security of employees’ devices and a company’s business systems, as RDP is of particular concern to cyber criminals.

With RDP, if the attacker gains access to the corporate network, they can commit fraud on all of the linked corporate computers.

The number of attacks on RDP has decreased slightly, but not in all countries. For example, there were about 47.5 million attacks in the United States in the first quarter of 2021, which increased to 51 million in the same period in 2022.

Many small businesses are unable to recover from such attacks. To avoid losses, entrepreneurs should take better care of the online security of their business, the researchers say. This certainty starts in the first place with the employees.

According to public reports, the average employee has access to more than 11 million files. The information they have access to can range from financial information or customer data to the secrets of their company’s development.

Cybercriminals know this, so most attacks on companies are carried out through their employees, who are often not trained in the cyber risks associated with their role.

One person in particular also greatly influences a company’s overall security: the IT specialist.

Kaspersky said that advanced security services can provide built-in training to keep IT specialists informed about the latest cyber threats.

Through training and education, business owners can turn them into sought-after cybersecurity specialists, able to analyze how threats can affect their particular organization and adapt technical and organizational cybersecurity measures accordingly. The researchers said this will help companies avoid additional costs associated with breaches of their business systems.

In addition, the experts recommend purchasing an advanced security product for incident analysis. Many organizations don’t plan to contain a breach in their organization, let alone the necessary protections to prevent a breach in the first place.

This is especially true if a threat infiltrates their system and goes undetected, which is possible if network monitoring and automated threat detection mechanisms are not in place.

A dedicated security solution enables the visualization of attacks and provides IT administrators with a useful tool for incident analysis. The faster they can analyze where and how a leak originated, the better they can solve any negative consequences.

Denis Parinov, the security researcher at Kaspersky, says: “With the shift to remote working and the introduction of many advanced technologies into the day-to-day operations of even small businesses, security measures need to be developed to support these progressive institutions.

“Cybercriminals are already way ahead, so much so that virtually every organization will have to deal with an attempted break-in at some point.

“For today’s small businesses, the question is not if a cybersecurity incident will happen, but when. Having a trained workforce and a well-trained IT specialist is no longer a luxury but a must-have part of your business development. “

You may also like