TRADITIONALLY, targets for cyber criminals tend to be large corporations and multinational companies.

That’s because these companies are of high profile, owning large assets across continents and transacting in large monetary amounts.

In circumstances like these, potential attack vectors are plentiful making large businesses a natural target for criminals.

But since 2020, when the Covid-19 pandemic started arriving on our shores from overseas and started changing the way we work and deal in businesses, cybercrimes have similarly followed suit.

With an ever rising number of cybercrime cases, the SME Association of Malaysia has started noticing that many small and medium enterprises (SMEs) are affected by cyberattacks.

The association’s vice-president CS Chin cautioned on Sept 19 last year, that “cybersecurity is no longer an option when running a business but is a part of business costs and strategies.”

He added that this applies to all companies, large and small. These modern security threats will target computer information systems, infrastructures, personal and company devices to steal, alter or destroy data.

With reports of up to 12,000 attacks each year, it is important that even SMEs place cyber security in a position of priority.

Assailed on all sides

The trend of targeting SMEs is not only limited to our country, which shows the onslaught can come from anywhere.

The Forbes article Cyber criminals target poorly protected small businesses stated that smaller companies are vulnerable to a range of different types of cyberattack and that criminals target the technical weaknesses in these companies’ systems and employees.

This was especially so during the early Covid-19 pandemic spread, as companies scramble to set up work-from-home systems for their employees.

Insurer Chubb released a Malaysian SME Cyber Security Preparedness report that stated that as many as 84% of SMEs experienced cyber incidents in the 12 months leading up to 2019.

The highest proportion of SME cyber incidents are due to human error, with 40% of businesses facing a breach of their customer files – the highest percentage that was targeted.

These are mostly triggered by a phishing email that executes a ransomware which blocks access to company data until the cybercriminals are paid.

It could also be a botnet malware remotely controlled by a hacker over a network of malware-infected devices, like a computer virus.

SMEs exposed to cyber fraud attacks, whereby the perpetrator disguises himself as a reputable entity or person via an email or other platforms.

As a result, the hapless enterprise could potentially end up losing hundreds of thousands in reserves and would undoubtedly be a huge loss.

It would lead to lawsuits, bankruptcy and the eventual demise of that business.

How they attack

Besides ransomware and bot malware, other methods used by these criminals include hacking their way into businesses and exploiting the company softwares’ existing vulnerabilities, such as outdated and unsupported software or insufficient anti-virus protection.

Again, they will steal sensitive, personal data relating to customers and staff for fraudulent purposes.

They also code programmes that resemble legitimate software that are inadvertently downloaded via the Internet or from an email suite, allowing them to take control of the company’s data.

These malware programmes include spyware that track browsing history and gather information, keylogging apps to steal passwords and sensitive information, scareware that frighten uninformed users to download malware and more.

In years to come, with increased use of mobile transactions, cybersecurity for devices will take focus, as vulnerabilities increase with more use of enterprise applications to access company data, which raises risks in potential data leaks.

The increased use of QR codes during the pandemic for tracking reasons as well as a form of cashless transaction could also mean the codes can be easily spoofed, replaced or redirected by hackers.

Another trend is the rise in spyware, largely farmed from the device we use to stay connected, such via GPS, Bluetooth and more.

Home appliances using the Internet of Things (IoT) technology access are potential targets of spyware.

Large scale malware attacks will continue to appear, remnants salvaged from state-supported attacks waged for political hegemony.

By integrating these tried and tested components, hackers find new ways to renew their attacks, spawning a new breed of ransomware, spyware and malware bots.

Cyber Guard your device

Celcom Business offers total protection against such cyber crimes on mobile phones, tablets and more.

This solution, which is called Cyber Guard Device, allows SMEs to fully manage their business and isolates the stress of cyberattacks from occurring.

It activates a range of device security and management solutions that are essentially a step higher from traditional mobile antivirus suites.

Cyber Guard Device Basic tracks constantly evolving mobile attacks and utilises machine learning to safeguard businesses on a device, network, application and phishing level.

At the device level, it detects risky configurations, phishing and unauthorised changes to the operating system.

At the network level, it monitors behaviourial changes for suspicious activities, which include man-in-the-middle attacks and bad WiFi spoofing, while the application level provides protection against malware and leaky apps.

Cyber Guard Device offers Standard, Advanced, Pro and Max device management and control, with remote administration access to manually control devices and implement security measures.

It also monitors and secures the mobile devices used by the employees of your enterprise, while maintaining their privacy.

Get serious about cyber security. Call Celcom at 019-601 1111, scan the QR code below, or visit https://business.celcom.com.my/cyber-security/cyber-guard-device to learn more.