SMEs in Kenya are now targets for internet hackers: Kaspersky report reveals

 By Rading Biko 

 

In comparison to 88
455 infections in 2021, Kaspersky researchers detected 130 111 infections in
the first four months of 2022

When a small business owner is faced with the
responsibilities of production economics, financial reports and marketing all
at the same time, cybersecurity can often appear complicated and, at times,
unnecessary. However, this disregard for IT security is being exploited by
cybercriminals. 

 

                                     Denis Parinov,
Security Researcher at Kaspersky. [APO]

 

Kaspersky  researchers
assessed the dynamics of attacks on small and medium-sized businesses between
January and April 2022 and the same period in 2021, to identify which threats
pose an increasing danger to entrepreneurs.

In 2022, the number of Trojan-PSW (Password Stealing Ware) detections in Kenya
increased by 16% when compared to the same period in 2021 – 12 639
detections in 2022 compared to 10 934 in 2021. 

 

Trojan-PSW is a malware
that steals passwords, along with other account information, which then allows
attackers to gain access to the corporate network and steal sensitive information.

Another popular attack tool used on small businesses in Kenya is Internet
attacks, specifically, web pages with redirects to exploits, sites containing
exploits and other malicious programs, botnet C&C centers, etc. 

 

The number
of these attacks increased by 47% in the country. In comparison to 88 455
infections in 2021, Kaspersky researchers detected 130 111 infections in
the first four months of 2022.

With the shift towards remote working, many companies have introduced the Remote
Desktop Protocol (RDP), a technology that enables computers on the same
corporate network to be linked together and accessed remotely, even when the
employees are at home. 

 

While the overall number of attacks on RDP has decreased
slightly in Kenya, globally this threat is still a challenge. For example, in
the first trimester of 2021 there were about 47.5 million attacks in the U.S.,
whereas for the same period in 2022 the number had risen to 51 million.

Having a special security solution enables attack visualisation and provides IT
administrators with a convenient tool for incident analysis. The faster they
can analyse where and how a leak occurred, the better they will be able to
solve any negative consequences.

 

 The new edition of
Kaspersky Endpoint Security Cloud, dubbed Kaspersky Endpoint Security Cloud Pro
contains advanced new capabilities, including automated response options and an
extended set of security controls in a single solution. 

 

 The Pro version also
includes built-in training for IT workers seeking to boost their cybersecurity
skills and make the most out of their specialised security products.

Even small businesses with limited IT resources still need to protect all their
working devices, including computers and mobile phones, from cyberthreats. The
updated Kaspersky Small Office Security)  is a key tool for startups,
small online-stores and local businesses to keep all of their work devices
protected, safely transfer any valuable business-related files and avoid
falling victim to ransomware.

“With the shift to remote working and the introduction of numerous advanced
technologies in the daily operations of even small companies, security measures
need to evolve to support these sophisticated setups. Cybercriminals are
already way ahead of the curve, so much so that virtually every organisation
will experience a breach attempt at some point. For small companies today, it’s
not a matter of whether a cybersecurity incident will happen but when. Having
trained staff and an educated IT-specialist is no longer a luxury but a
must-have part of your business development,” comments Denis Parinov, security
researcher at Kaspersky.

To protect your business, Kaspersky
recommends:

Providing your staff with basic cybersecurity hygiene
training as many targeted attacks start with phishing or other social
engineering techniques.

Using a protection solution for endpoints and mail servers
with anti-phishing capabilities to decrease the chance of infection through
phishing emails.

Taking key data protection measures. Always safeguard
corporate data and devices, including by using password protection, encrypting
work devices and ensuring data is backed up.

Keeping work devices physically safe – do not leave them
unattended in public, always lock them and use strong passwords and encryption
software.

Denis Parinov,
Security Researcher at Kaspersky. [APO]

 

Get the latest and greatest stories delivered straight to your phone. Subscribe to our Telegram channel today!

Popular Post