Rising Cybersecurity Threats for Small and Medium-Sized Businesses
Recent data from Kaspersky Security Network (KSN), gathered between January and April 2025, sheds light on an alarming trend affecting small and medium-sized businesses (SMBs) in selected regions of Europe and North, West, and Central Africa. This report highlights how cybercriminals are increasingly using sophisticated tactics to disguise malware as trustworthy software, making it essential for SMBs to remain vigilant.
The Landscape of Cyber Attacks
In Europe, the threat is pronounced, with Austria leading the way. The country accounted for a staggering 40% of all reported cases where potentially unwanted applications (PUAs) and malware mimicked legitimate software like ChatGPT, Microsoft Office, and Google Drive. Following Austria are Italy (25%), Germany (11%), and Spain (10%). Portugal also faced significant attacks at 6%, while France had a smaller share at 4.1%. Other countries, including Serbia and the UK, registered around 1% each, marking them as less frequently targeted. Overall, nations like Romania, Greece, and Switzerland saw minimal cyberactivity against their SMBs.
In Africa, Morocco was at the forefront, with PUAs targeting 41% of SMBs in the region. Tunisia and Algeria followed with significant shares of 24% and 16%, respectively. More modest figures were noted in Senegal and Cameroon, both at 7%, while Ivory Coast accounted for 5%.
Key Cyber Threats Facing SMBs
The nature of threats targeted at SMBs varies between the two continents. In Europe, backdoors are the most exploited method, affecting 24% of reported cases. Following closely are Trojans at 17% and not-a-virus: Downloaders at 16%. Conversely, African SMBs face a different mix, with not-a-virus: Downloaders dominating at 55%, along with DangerousObjects at 14% and Trojans at 13%.
Marc Rivero, Lead Security Researcher at Kaspersky’s Global Research and Analysis Team (GreAT), emphasizes the challenges SMBs face. “Small businesses confront enterprise-level threats, yet often operate with startup-level budgets. The most effective defense doesn’t necessarily come from investing in expensive tools but from understanding attacker tactics and closing the vulnerabilities they exploit.”
Strengthening Cybersecurity for SMBs
To combat these threats, SMBs can take proactive steps to enhance their cybersecurity posture and ensure business continuity. Key strategies include:
Implementing Security Hardening
A foundational step involves strengthening existing systems to minimize potential attack surfaces. Measures such as enforcing robust authentication protocols, using multi-factor authentication, regularly updating software, and patching vulnerabilities are crucial. Additionally, encrypting sensitive data both in transit and at rest will help safeguard against unauthorized access.
Promoting Employee Awareness
The human element in cybersecurity cannot be underestimated. Regular training sessions that focus on safe email practices, secure password management, and the identification of phishing attempts can significantly enhance an organization’s cyber literacy. When employees are well-informed, they serve as a first line of defense against potential threats.
Sourcing Software Safely
SMBs should avoid downloading applications from unofficial sources. It is vital that any new software comes from trusted, verified channels and is installed by the IT department to mitigate the risk of hidden malware.
Controlling Resource Access
Defining and enforcing clear access rules for emails, shared folders, and online services should be a priority. Monitoring user activity and promptly revoking access when employees leave the company helps in minimizing the risk of data breaches.
Utilizing Specialized Security Solutions
Investing in tailored security solutions can greatly benefit SMBs. Products such as Kaspersky Next combine comprehensive endpoint protection with advanced detection and response capabilities, making them suitable for businesses of various sizes. For SMBs with robust IT infrastructures, Kaspersky Next XDR Optimum offers a sophisticated option. In contrast, very small businesses that may lack dedicated IT support can opt for Kaspersky Small Office Security (KSOS), which offers an easy, “install and forget” setup, providing essential protection with minimal effort.
Understanding the evolving landscape of cybersecurity threats is crucial for SMBs. By implementing these strategies and fostering a culture of awareness, businesses can better protect themselves against the growing tide of cybercriminal activity. For further insights, including specific examples of phishing attacks affecting SMBs in Europe and Africa, accessing the full Kaspersky report is highly recommended.
