Forty-one percent of South African companies have suffered a loss of productivity due to viruses and malware, such as ransomware. Small to medium enterprises (SMEs) were also more at risk than enterprises, which were typically more prepared for attacks.
This was revealed by Kaspersky Lab, in a global survey of 4 000 businesses across 25 countries, including 76 South African companies. The research found that over a third of those surveyed said they lacked sufficient insight into potential threats, leading to 67% making use of external IT security service providers. Over 14% of businesses said they planned to do this in the near future.
The research found that over 60% of South African firms were concerned about phishing and other social engineering techniques and 46% were concerned about exploits through mobile devices.
Tracing the ever-increasing threat to businesses, Sergey Martsynkyan, a senior global B2B product marketing manager, told journalists at a cybersecurity meeting in in Malta on Friday that a decade ago they had found a new virus emerging every minute. Five years ago, this had increased to a new virus being found every second. Currently, 300 000 new viruses are being unleashed every day.
SMEs more at risk
While every organisation faced these cyber threats, SMEs were not able to protect themselves to the same extent as enterprises, said Martsynkyan.
Kaspersky research showed that a single cyber-security incident now cost SMEs an average of $86 500. This figure rose sharply the longer it took for the attack to be discovered. SMEs also tended to take longer to realise they had been compromised, due in part to the fact that 40% of those surveyed said they lacked insight and intelligence into threats they faced.
Speaking of what makes SMEs such attractive targets, Martsynkyan said almost all enterprises had a comprehensive security plan in place which would require a sophisticated, bespoke attack. By comparison, SMEs offered easy pickings, and criminals could merely reuse an existing virus.
"Maybe SMEs think it's enough to download a free antivirus. It's not true." He said when Kaspersky speaks to SMEs they say they're too small to be attractive targets to cyber criminals.
He added that many SMEs used mobile apps to make payments, which made them attractive targets, and that they tend to store 'everything in e-mail' and many stored information on mobile devices.
These could be stolen and exploited, borne out by the Kaspersky survey which showed almost 40% of South African firms reported the physical loss of mobile and other devices.
Martsynkyan said they were also seeing an increased number of targeted attacks on SMEs, including phishing and ransomware. Regarding those affected by ransomware, 40% paid, or intended paying the criminals to decrypt their data.
He advised SMEs not to pay the ransom, "because this money will be used for the next attack".
Share