Cybercriminals are increasingly targeting small- and medium-sized enterprises (SMEs), putting their data and finances at risk, according to cybersecurity firm Kaspersky.

Data from Kaspersky showed a 325% increase in the number of unique hits across SMEs in the Philippines in the first half of the year, totaling 1,847, up from 434 in the same period last year.

It also revealed that 196 SME employees encountered malware or unwanted software disguised as legitimate business applications from January to June. This figure grew from 76 in the same period in 2022.

Malware encompasses cyber threats such as trojans, viruses, and ransomware, which can grant criminals backdoor access to the corporate network, Kaspersky said.

“It’s always easy—and popular—to think that your business is too small to be a target,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky, in a press statement.

“Whatever business you’re in, as long as you’re using at least a computer or a mobile device that’s connected to the internet, you’re vulnerable to a cyber incident,” he added.

“Effectively reducing the impact of a cyberattack is only possible if the workforce is properly trained for cyber resilience.”

“There is now such a thing as building an IT infrastructure with lower investments; ask for help,” he said, noting that SMEs deal with limited resources.

“Remember, when it comes to cybersecurity, the weakest link is always your people.”

To curb the growth in cyber threats, Kaspersky suggested providing staff with basic cybersecurity hygiene training, including conducting a simulated phishing attack to practice recognition.

“Set up a policy to control access to corporate assets, such as email boxes, shared folders, and online documents,” it said on clear guidelines on employees’ minimum access to services and resources, alongside regular backups of corporate data.

Strong passwords and multi-factor authentication for all digital services must also be observed among employees, Kaspersky noted.

Security solutions and comprehensive defensive frameworks can also be sought through professional services, it added. — Miguel Hanz L. Antivola