Beyond Antivirus: Protecting Your SME Business from Evolving Cyber Threats



In today's digital world, the threat of cyberattacks is more significant than ever. For large corporations, cybersecurity is a top priority, but for small and medium enterprises (SMEs), limited resources can make it challenging to prioritise. Often, SMEs rely on basic antivirus software and a general employee with some IT knowledge. However, recent trends indicate that this approach is no longer enough to protect your SME business.

According to the Malaysia Cybersecurity Insights 2024 report, Ransomware-as-a-Service (RaaS) attacks have increased by 45%, primarily targeting SMEs. Moreover, 72% of Malaysian businesses experienced supply chain attacks in 2022. These statistics highlight the growing risks SMEs face in the digital landscape.

Years ago, an antivirus program might have been sufficient to protect your SME business from cyber threats. However, as technology has advanced, so have the tactics of cybercriminals. Today, the threats are more sophisticated and varied, requiring a comprehensive approach to cybersecurity. This blog will explore how cyberattacks have evolved and why a multi-layered cybersecurity strategy is essential for SMEs.

 

The Evolution of Cyberattacks


Early Cyberattacks: A Look into History

Cyberattacks have come a long way since the early days of computer viruses and worms. In 1988, the Morris Worm became one of the first significant incidents of a worm spreading across the internet. It caused major disruptions, infecting approximately 10% of internet-connected computers at the time. Among those affected were Harvard, Princeton, Stanford, Johns Hopkins, NASA, and the Lawrence Livermore National Laboratory. The financial damage was estimated to be between $100,000 and $10 million, highlighting the potential scale of harm from cyber incidents even in their early stages.


Source: Intel Free Press

The 2000s saw a shift towards more targeted attacks. In 2007, Estonia experienced a series of cyberattacks that disrupted government, financial, and media websites. Politically motivated, this campaign was part of a larger conflict with Russia over the relocation of a Soviet-era monument in Tallinn. Starting on 27 April, the cyberattacks targeted Estonia’s internet infrastructure, affecting banks, media outlets, and government services. These attacks demonstrated the potential of cyber warfare to disrupt national stability.


Source: Daniel McLaughlin

 

Modern Cyberattacks: Increased Sophistication and Impact

In recent years, cyberattacks have become more sophisticated, targeted, and damaging. The rise of ransomware, phishing, and advanced persistent threats (APTs) has changed the cybersecurity landscape.

 

Notable Cyberattacks in Recent History

WannaCry Ransomware (2017): The WannaCry ransomware attack affected over 200,000 computers across 150 countries. It targeted systems running Microsoft Windows by encrypting data and demanding ransom payments in Bitcoin. The attack caused widespread disruption, including significant impacts on the UK's National Health Service (NHS), which faced critical delays in medical procedures.

Source: New Straits Times

NotPetya (2017): Initially thought to be ransomware, NotPetya was a wiper malware that caused over $10 billion in damages globally. It primarily affected businesses in Ukraine but quickly spread to multinational corporations, including Maersk, Merck, and FedEx. The attack highlighted the vulnerability of global supply chains to cyber threats.

Source: Group IB

SolarWinds Attack (2020): In one of the most sophisticated cyber espionage campaigns, attackers compromised the SolarWinds Orion software, used by numerous government agencies and Fortune 500 companies. This attack underscored the risks associated with supply chain vulnerabilities and the importance of securing third-party software.

 

The Malaysian Context: Recent Cybersecurity Incidents

Malaysia has not been immune to the global surge in cyberattacks. In 2023 and 2024, several significant incidents highlighted the urgent need for enhanced cybersecurity measures.

The MySejahtera Data Breach: In early 2023, a super admin downloaded the personal data of 3 million users from the app, following 1.12 million hacking attempts targeting the confidential information of millions of Malaysians.

R00TK1T Hacking Group Infiltrates Maxis: In January 2024, the R00TK1T hacking group targeted the Malaysian telecommunications company, Maxis, claiming to have breached its systems. Maxis clarified that the breach occurred through third-party vendor systems. The hackers escalated the threat by publicly sharing a screenshot of the Maxis employee database, warning of potential future attacks.

 


Source: The Malay Mail

Telekom Malaysia Data Breach: In January 2024, Telekom Malaysia (TM) suffered a data breach that compromised nearly 200 million customer records, including approximately 20 million records of ‘effective user data’. While TM clarified that the breached data was "pre-processed, recycled, and dated," they responded seriously by involving authorities and strengthening cybersecurity measures. Even outdated data can be valuable on the dark web, as it may be exploited for identity theft, phishing, fraud, and other malicious activities.

 

Why Antivirus Alone is Not Enough

Antivirus software, while essential, is no longer sufficient to protect against the numerous cyber threats facing SMEs today. Here’s why:


Modern Threats Are More Complex

Modern cyber threats have evolved beyond simple viruses and worms. Today’s attackers use advanced techniques, such as polymorphic malware, which can change its code to evade detection, and fileless malware, which resides in memory to avoid antivirus scans. These sophisticated threats require more advanced detection and response mechanisms.

The Rise of Ransomware

Ransomware attacks have become increasingly common and damaging. Traditional antivirus software often fails to detect and stop ransomware before it encrypts critical data. Advanced endpoint protection solutions that use behavioural analysis and machine learning are necessary to identify and block ransomware in real time.

 

Phishing and Social Engineering

Phishing attacks and social engineering exploits target human vulnerabilities rather than system weaknesses. Your antivirus will not be able to protect against an employee clicking a phishing link or accidentally sharing sensitive information. Comprehensive cybersecurity training and awareness programmes are essential to reduce these risks.

 

Insider Threats

Insider threats, whether malicious or accidental, pose significant risks to organisations. Antivirus software cannot detect or prevent an employee from intentionally or unintentionally compromising security. Solutions such as user behaviour analytics (UBA) and data loss prevention (DLP) tools are critical to monitor and reduce insider threats.

 

Advanced Persistent Threats (APTs)

APTs are long-term, targeted attacks aimed at stealing data or compromising systems over an extended period. APTs often bypass antivirus software by using advanced tactics, such as spear-phishing, zero-day exploits, and custom malware. Detecting and responding to APTs requires a multi-layered security approach, including network monitoring, threat intelligence, and incident response capabilities.

 

Building a Comprehensive Cybersecurity Strategy

To protect against the diverse range of cyber threats, SMEs need to adopt a multi-layered cybersecurity strategy. Here are the key components of such a strategy:

 

Protecting Your Data

Data loss prevention (DLP) tools can monitor and protect sensitive data from unauthorised access or exfiltration. Encryption, both at rest and in transit, ensures that data remains secure even if it is intercepted or accessed by unauthorised parties.

 

Securing Your Email

Cybercriminals often use emails for phishing attacks and malware delivery. Email security solutions can filter out spam, malicious attachments, and phishing attempts. Implementing multi-factor authentication (MFA) adds an extra layer of protection for email accounts.

 

Strengthening Network Security

Network security tools, such as firewalls, intrusion detection/prevention systems (IDS/IPS), and network segmentation, are essential to protect against external and internal threats. Certified network defenders are key people who help protect organisations by conducting regular network monitoring, detecting and responding to threats, and predicting potential risks, ensuring business continuity.

 

Preparing for Incidents

Having a robust incident response plan minimises the impact of cyberattacks. Certified incident handlers ensure companies are prepared to recover from incidents. They detect, respond to, and reduce cybersecurity threats like malware, email breaches, network attacks, web vulnerabilities, cloud security issues, and insider threats. They help companies with forensic readiness assessments, liaising with legal bodies, and ensuring compliance with frameworks like NICE 2.0 and CREST.

 

Educating Your Team

A necessary step is to ensure that employees are educated and aware of cyber threats. They must be able to recognise criminal attempts, such as phishing emails, suspicious links, and other common tactics cybercriminals typically use. According to the Malaysia Cybersecurity Insights 2024 report, there is a gap in cybersecurity skills, with a shortage of 10,000 cybersecurity personnel in the country. Human error is a significant factor in many cyber incidents. Regular cybersecurity training and awareness programmes can help employees recognise and avoid potential threats. Regular security drills, like simulated phishing exercises, can also reinforce training and identify areas for improvement.

 

Staying Aware of Threat Intelligence

Threat intelligence provides valuable insights into emerging threats and attacker tactics. Integrating threat intelligence into security operations can help organisations stay ahead of potential threats and proactively defend against them. Threat intelligence analysts identify and mitigate business risks by turning unknown threats into actionable insights. They collect, analyse, and report data to predict outcomes. This helps companies prepare for unforeseen cyber incidents, adding a layer of security to prevent cyberattacks.

 

Advancing Endpoint Protection

Advanced endpoint protection goes beyond traditional antivirus by using machine learning, behavioural analysis, and threat intelligence to detect and respond to threats. Solutions such as Endpoint Detection and Response (EDR) provide real-time visibility and automated response capabilities.

 

Ensuring Compliance and Governance

Adhering to cybersecurity regulations and standards, such as ISO/IEC 27001, GDPR, Malaysia’s Personal Data Protection Act (PDPA), and now the new Cybersecurity Bill 2024, ensures that businesses follow best practices for data protection and security. Regular audits and assessments can help maintain compliance and identify areas for improvement.

As cybercriminals become more advanced, relying solely on antivirus software is inadequate for protecting SMEs. A comprehensive cybersecurity strategy, including advanced endpoint protection, network security, user education, and incident response, is essential for safeguarding your organisation against modern cyberattacks.

By understanding the complexity and sophistication of today’s threats, SMEs can better prepare and protect themselves. Investing in a multi-layered approach to cybersecurity not only protects your assets but also builds trust with your clients and partners, ensuring long-term success and resilience in the digital age.

Interested in giving your team the right tools and certifications to prepare for future cyber threats? Excelerate Asia has got you covered. Learn more about our cybersecurity courses here.

 

 

 

 


Nik Sharmine A

Published on Aug 16, 2024
