According to Kaspersky’s data, there has been a staggering 325% increase in cyber-attack attempts on small businesses (SMBs) in the Philippines. In the first half of 2022, there were 434 attempted cyber attacks on SMBs in the country, but this year, that number has soared to 1,847.

These attacks primarily aim to infiltrate networks with malware.

This data is part of Kaspersky’s ongoing surveillance of the threat landscape in the SMB sector across six Southeast Asian countries, including the Philippines.

Kaspersky: AI can augment IT security teams’ tasks
Kaspersky discovers emerging APT threat actor in APAC

“It’s always easy — and popular — to think that your business is too small to be a target,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky. “Whatever business you’re in, as long as you’re using at least a computer or a mobile device that’s connected to the internet, you’re vulnerable to a cyber incident.”

In 2023, within just six months, Kaspersky detected and blocked more than double the total unique hits (817) among its SMB clients in the Philippines compared to the entirety of 2022.

Weakest link

Kaspersky’s SMB Threat Statistics were derived from Kaspersky Network Security (KSN) telemetry data shared by users. In the first half of 2023, Kaspersky found that 196 SMB employees among its Philippine clients encountered unique malware or deceptive software disguised as legitimate business applications, a significant increase from the 76 users in the same period last year.

Kaspersky’s data also revealed that popular software products among its SMB clients worldwide, such as MS Office, MS Teams, and Skype, were targeted by cyber threats posing as these business applications. These findings underscore the need for enhanced cybersecurity measures.

“Now that hybrid work is the norm, security is your additional concern and it needs to be a top priority,” Yeo said. “Taking the unsafe approach of using home-level versions of security software is no longer an option.”

Kaspersky emphasized the importance of empowering employees with cybersecurity knowledge and education to mitigate cyberattacks and minimize their impact. 

“Remember, when it comes to cybersecurity, the weakest link is always your people,” Yeo said.