While large enterprises have often been the target of cyber attacks, small and medium-sized enterprises (SMEs) have been experiencing these digital threats at a growing rate.

Such attacks often result in the loss of confidential information and capital among enterprises, and cybercriminals have claimed SMEs as their newest victims.

According to the World Trade Organization, SMEs account for 90% of businesses worldwide and are deemed essential to the economy. However, in 2022 alone, SMEs suffered 60% of recorded cyber attacks.

To protect companies and employees, experts from internet security software company Kaspersky identified five threats that SME executives must watch for in 2023:

Threat #1: Data Leaks Caused by Employees

A company’s data can be exposed in various forms, sometimes involuntarily.

During the pandemic, many remote workers used their personal computers and spent hours of leisure time surfing the web, streaming visual content, and playing online games.

This trend is set to continue; in 2023, as more than two-thirds of employees who worked remotely during the pandemic say they do not want to return to the office. The remaining third was in favor of hybrid work.

Employees may accidentally install malware on their work computers when downloading the newest movie or television series, making it easier for cybercriminals to access a company’s network.

Another common threat involves the leak of sensitive information by former employees if they have possession of company data on their personal devices.

However, according to a recent survey, only 40% of SME managers believed that previous employees had access to company accounts or data stored in cloud devices.

Threat #2: Distributed Denial of Service (DDoS) Attacks

The media, banks, and retail services are often the victims of DDoS attacks.

DDoS attacks take advantage of network resources, such as the infrastructure of a company’s website.

An attacker may send multiple requests to a web server, thus exceeding the capacity and making it impossible to process all of the requests, which prevents the website from functioning properly.

DDoS attacks increase around the holidays when customers are more active. Recently, cybercriminals targeted the company Takeaway.com and demanded two bitcoins (around $11,000), ending the flow of web traffic.

Video game companies receive DDoS attacks as well. Recently, multiplayer games such as Call of Duty, World of Warcraft, and Overwatch have been attacked.

In August 2022, a hacker attacked Final Fantasy 14’s North American data centers, and players experienced difficulty logging in and connecting to servers.

It should be noted that many DDoS attacks go unreported because the financial consequence is generally low.

Threat #3: The Supply Chain

Attacks through the supply chain are common when a service or program used by a business turns malicious.

Many attacks are conducted through vendors or suppliers, including home delivery services, financial institutions, or logistic partners.

Recently, attackers used malware known as “ExPetr” or “NotPetya” to target a software called M.E.Doc used for accounting.

Users experienced an influx of ransomware to their accounts, and as a result, large and small companies experienced financial losses.

Threat #4: Malware

To prevent extra costs, SMEs may opt for pirated and unlicensed versions of professional software.

But SMEs must be cautious because malicious files can easily hide in illegitimate files and compromise company systems’ confidentiality.

Access brokers are one of the likely groups causing harm to companies in 2023. Their customers, who hope to seek illegal access to SME sites, range from cookie stealers to cryptojackers to bank identification thieves.

Emotet and DeathStalker are common malware cyber attackers use on tourism, legal, and financial-focused organizations. Information about assets, mergers, and acquisitions can be stolen during attacks.

Risk #5: Social Engineering

As Microsoft Office 365 Suite is being used more frequently by SMEs; unsurprisingly, its client-base are experiencing increased phishing attempts.

An attacker may have business users type in their password onto a browser resembling the Microsoft login page to access information.

Additionally, Kaspersky identified new schemes used by attackers to trick company executives, such as imitating delivery services or sending emails containing false documents.

Attackers may profit from money transfer services such as “Wise” in illegitimate company emails claiming to have a payment document attached.

The Risk of Cyber Threats Should be Taken Seriously

Hackers will use all means possible to achieve their goals and SMEs should be wary of the risks involved.

A Kaspersky study found that 41% of SMEs have a crisis prevention plan relating to cyberattacks, reflecting an encouraging trend for the future.

Strong password policies and encouraging employees to be hyper-aware of the risks will help businesses protect themselves from the risks cyber threats pose.