Why are cybercriminals targeting smaller businesses instead?

  • Cybercriminals are targeting large enterprises by attacking smaller businesses in their supply chain.
  • Organizations need visibility into their supply chain network to ensure that no connected party is a liability to them.

Cybercriminals have been a nuisance to businesses even before the pandemic started. While the pandemic did see a spike in ransomware, phishing emails and such, cyber threats were already evolving and targeting various weaknesses and entry points in organizations.

According to Interpol’s ASEAN Cyberthreat Assessment 2021 report, cybercrime’s upward trend is set to rise exponentially, with highly organized cybercriminals sharing resources and expertise to their advantage. The region’s top cyber threats include business email compromise, phishing, ransomware, e-commerce data interception, crimeware-as-a-service, cyberscams, and cryptojacking.

With remote working, cybercriminals are now able to carry out more targeted attacks. Successful targeted attacks today aim to disrupt the supply chain, as in the recent Colonial Pipeline and JBS attacks. Healthcare providers are also being targeted globally, both in the US and in the Asia Pacific.

“Hackers are getting smarter. If your organization is heavily fortified with security, cybercriminals are not going to waste time going after you. Instead, they will target your supply chain partners and so on, which in turn will have an impact on the whole organization as well. Going through these trusted channels makes it an easier way to infiltrate organizations,” said Juan Huat Koo, Cisco’s ASEAN Security Leader.

Remote working changed traditional security perimeters

The traditional perimeters in an enterprise have disappeared with remote working. Businesses are not able to fully protect all their remote workers. Unsecured networks and employees using their own devices for work are among the risks that come with remote working, and organizations cannot easily address them.

“According to Cisco Security Outcomes Study: Endpoint Edition, 4 out of the top 5 markets with the highest percentage of organizations reporting a major cybersecurity incident in the last two years were from Asia. The top 3 markets are Thailand (66%), China (59%), followed by India (55%), with Vietnam (52%) and Australia (51%) coming in fifth and sixth. Netherlands is ranked fourth, before Vietnam.

We also need to look at the maturity levels of countries. Thailand and Malaysia are evolving markets which also gives cybercriminals opportunities. The shift to remote work and digitization are opening up avenues for cybercriminals,” explained Juan.

With countries going in and out of lockdown in the past year and a half, cybersecurity continues to be an area that companies are looking to invest in. While some businesses have moved back to their premises, they now have to refresh their systems and decide how to prioritize processes in the company. For example, do they focus on fixing their dormant on-premises systems or on improving the services for their remote workforce?

SMBs merely a stepping stone

For Kerry Singleton, Cisco’s cybersecurity expert, “It is important to note that a lot of the small and medium businesses (SMBs) are part of the supply chain of larger companies. They can often be targeted due to lower security. The endgame for cybercriminals is to go through SMBs to reach larger enterprises. We are seeing a lot more of these types of attacks. Like it or not, SMBs need to get savvy around cybersecurity given the impact they can have in the supply chain.”

Kerry added that smaller businesses play a key role for big companies. For example, an SMB could be running a particular service for a large financial services organization. To run the service, that SMB would have access to a large number of data sets from the financial organization. However, the SMB could have a less robust security framework and would not have a security team as large as that of a large financial services organization.

“So if that data is taken out of the network, there are some serious implications to the company that shared that data with the SMB, expecting them to keep that data safe. At the same time, there are also SMBs who play a critical role in the supply chain for larger companies. Both organizations would have an element of trust with each other but they wouldn’t realize that the breach originated from an SMB until it happens,” explained Kerry.

Managed Service Providers (MSPs) are also now heavily targeted by cybercriminals, as these companies often hold data from, and have access to, a myriad of other companies. For example, the recent attack on MSP Kaseya saw more than 1,500 businesses affected, not just in the US, but in Europe and the Asia Pacific as well. By exploiting one MSP, cybercriminals can gain access to many more companies.

“Visibility is everything. While you establish trust with your partners and your supply chain, you need to know what is happening in the infrastructure and the environment. Never assume everything is safe. This is where a zero-trust framework comes in. It questions everything and checks every entry into the system,” said Juan.


A collective effort

Businesses often take about 100 days to detect any threat. By then, the damage would have already been done. Both Kerry and Juan feel that organizations need to look at the zero-trust framework, especially with remote working being the new normal and more devices also being added to the network.

As Kerry puts it, from the government to enterprises and service providers, knowledge sharing and collaboration are key to ensuring threats are detected and dealt with. The US, Australia and Singapore are sharing breach information. Businesses need to use the information properly and work the collaboration into their business.

“Hackers are sharing information. We also need to work closely and share information. We have done MOUs with Singapore and Malaysia on sharing threat intelligence. This is crucial in stopping threats coming into ASEAN,” concluded Juan.