What Last Year Taught Us: Two Cyber Incidents Every SME Must Learn From

Reported by Ngo Wei Cheng

​Why SMEs Are Now the Primary Cyber Target

Cyber threats have become more aggressive, automated, and opportunistic.

A decade ago, attackers focused mostly on large enterprises.

Today, the most common victims are SMEs, because attackers look for the easiest entry point.
​
Most SMEs struggle with:

• Limited IT staff
• Weak access control
• Unpatched systems
• Over‑trusting digital habits
• Minimal security monitoring

​
Attackers know this, and they take advantage.

​What Are the Biggest Cyber Threats Facing SMEs in 2025?

• Credential theft (stolen passwords, session tokens)
• Ransomware attacks
• Phishing emails and scams
• Unpatched or outdated systems
• Poor access control or excessive permissions

​
These threats hit SMEs across Malaysia and globally.

⚠️The scenarios in this article are composite real‑world cases, created from common attack patterns observed across publicly reported cyber incidents and industry experience. Identifying details have been changed or combined to focus on practical lessons relevant to SMEs. Security needs differ between organizations. SMEs should assess risks based on their own environment or seek professional guidance where appropriate.

​Case 1: Credential Theft Through a Customer Support System

What Happened?
​In one scenario, attackers gained access to an organization’s customer support system using stolen login credentials.

Within uploaded support files, they were able to identify session tokens, a temporary digital passes that can keep users logged in. When these tokens are not properly protected or expired, attackers may reuse them to impersonate legitimate users without needing a password.
​
Many SME support systems and internal IT tools use similar mechanisms, which makes this attack relevant beyond large organizations.

Business Impact

• Attempted account takeovers
• Exposure of customer-related data
• Unauthorized access to connected cloud systems
• Operational disruption and security investigations

Why This Matters to SMEs
​Attacks like these rarely involve complex hacking.

A single stolen password can be enough to expose internal systems, customer data, and daily operations, often without triggering immediate alerts.

​How SMEs Can Defend Against Credential Theft 

✔ Enable MFA Everywhere
Even if a password is stolen, MFA blocks unauthorized access.

✔ Use Strong Access Controls
Limit which employees can access sensitive systems.

✔ Avoid Uploading Sensitive Data in Support Files
Remove passwords, tokens, and API keys from logs before sharing.

✔ Train Staff to Recognize Phishing Attempts
Most credential theft starts with a deceptive email.
​
✔ Use a Password Manager
Ensures strong, unique passwords across your team.

​Case 2: Ransomware Disruption at a Malaysian Organization (Transportation)

What Happened?
​In another scenario, a Malaysian organization experienced a ransomware attack that disrupted critical operational systems.

Systems used for daily operations such as displays, check-in processes, and internal management tools became unavailable almost overnight. Staff were forced to switch to manual processes while IT teams worked to contain the damage.

Although the organization itself was not the direct target, attackers likely gained access through a vulnerable system such as an outdated server, an unpatched device, or a compromised user account, before deploying ransomware across the network.
​
​Business Impact
Ransomware attacks often cause immediate and cascading effects, including:

• Operational downtime and service disruption
• Lost business revenue
• Temporary or permanent data unavailability
• High recovery and remediation costs
• Reputational damage and loss of customer trust

​
For many organizations, the business impact is far greater than the technical issue itself.

Why This Matters to SMEs
Ransomware is one of the most common and damaging cyber threats facing SMEs in Malaysia today.

Attackers do not need to breach every system. In many cases, they only need one weak device, one outdated system, or one compromised account to disrupt the entire business.

SMEs are especially vulnerable because ransomware attacks are often automated, opportunistic, and designed to target organizations with limited security resources.

​How SMEs Can Defend Against Ransomware

✔ Backup Your Data Regularly
Backups are your strongest defense against ransomware.
Maintain:

• One offline backup
• One cloud backup
• One on-premise backup

If ransomware hits → restore systems → resume operations without paying ransom.

✔ Keep Systems Updated
Most ransomware exploits known vulnerabilities in outdated software.
Regular patching of operating systems, servers, and applications significantly reduces risk.

✔ Install Endpoint Protection (Modern Antivirus / EDR)
Modern endpoint security tools can detect and stop ransomware automatically, often before it spreads.
This is especially important for laptops and remote workers.

✔ Segment Your Network
Network segmentation prevents malware from moving freely between systems.
This limits damage even if one device is compromised.

✔ Limit Administrative Privileges
Only authorized IT administrators should have full system access.
Reducing admin rights limits how far ransomware can spread.

✔ Prepare an Incident Response Plan
Your team should know:

• Who to inform immediately
• How to isolate infected devices
• How to communicate with customers and partners

Clear response steps reduce downtime and panic.
​
✔ Avoid Paying Ransom Whenever Possible
Paying ransom does not guarantee data recovery and may increase the risk of future attacks.
SMEs should focus on recovery through backups and incident response planning.
Any decision involving ransom payments should involve legal and cybersecurity professionals.

​Why Malaysian SMEs Are Especially at Risk

Based on common patterns observed among Malaysian SMEs, several factors increase exposure to cyber risks:

• Rapid adoption of cloud services
• Reliance on outsourced or part-time IT support
• Limited cybersecurity budgets
• Heavy dependence on email-based workflows
• Obligations under PDPA compliance requirements
• Increasing digitalisation across all industries

These factors make SMEs attractive targets, not because they are important, but because they are easier to compromise.

​The Biggest Takeaway for SMEs

​Attackers do not choose victims based on size or importance.

They look for organizations that are easiest to break into.
​
The good news is that simple, practical improvements can dramatically reduce your risk.

The SME Cyber Protection Checklist

Every Malaysian SME should aim to implement the following:
​

1. Use multi-factor authentication (MFA) everywhere
2. Adopt a password manager
3. Train employees on cybersecurity awareness quarterly
4. Patch and update all systems regularly
5. Use EDR or advanced antivirus protection
6. Perform weekly backups (offline and cloud)
7. Limit administrative access rights
8. Secure Wi-Fi networks and use strong router passwords
9. Monitor for suspicious login activity
10. Prepare and test an incident response plan

​Implementing even half of these controls already puts you ahead of most SMEs.

Frequently Asked Questions (FAQ)

1) Why are SMEs in Malaysia targeted by cybercriminals?
Attackers typically look for weak or poorly protected systems rather than well-known brands. Many SMEs have limited security resources, making them easier targets for automated and opportunistic attacks.

2) Is basic antivirus enough for SME cybersecurity?
Basic antivirus solutions often cannot stop modern ransomware, phishing-based attacks, or credential theft. Most SMEs need additional controls such as multi-factor authentication (MFA) and endpoint detection and response (EDR) for better protection.

3) What is the most common cyber attack against SMEs?
Credential theft and phishing are the most common starting points. Once attackers gain access to a single account, they can often move further into systems if controls are weak.

4) How much should an SME invest in cybersecurity?
There is no fixed amount. Many SMEs begin with essential protections such as MFA, endpoint security, and reliable backups, then scale their security investments as the business grows and digital reliance increases.
​
5) What should an SME do first after a ransomware attack?
Immediately isolate affected devices to prevent further spread and seek professional cybersecurity assistance before taking any recovery or payment-related actions.

​Strengthen Your Cybersecurity with 57Network

​Cyber threats today are no longer limited to large enterprises. SMEs are frequently targeted because attackers look for the easiest entry point, not the biggest brand.

Relying solely on basic, built-in security controls is no longer sufficient against modern threats.

A strong SME cybersecurity posture typically combines:

• Practical security habits
• Regular system updates and patching
• Ongoing employee awareness
• A reliable security platform designed to stop modern attacks

Solutions such as Bitdefender GravityZone are designed for SME environments, helping block ransomware, phishing, and advanced threats while keeping management simple for small or outsourced IT teams.

If you’re unsure where to start or want to validate your current setup, we’re here to help.

57Network provides friendly, no-obligation consultations, product trials, and practical guidance tailored specifically for Malaysian SMEs.
​
🛡️ Need help improving your cybersecurity?
Contact 57Network — we’ll help you take the next practical step.