Small and medium-sized businesses (SMBs) account for approximately 94 to 99.9 percent of all businesses in the Southeast Asia (SEA) region, and are undoubtedly integral to both domestic and cross-border trade ecosystems, especially given the region’s highly interconnected supply chains. It is precisely this centrality that makes SMBs especially appealing to cyber attackers, as they not only hold valuable data but also serve as entry points into larger supply chains.

As most SMBs operate with significantly more limited resources than large enterprises, they often have a reduced capacity to invest in their cybersecurity defenses. This combination of their economic importance and their relatively weaker defensive capabilities therefore makes SMBs attractive targets for cyberattacks.

In fact, recent data from Kaspersky reflects this reality – businesses in SEA continue to face persistent cyberthreats, recording more than 18 million malicious attacks in 2025 alone. Backdoor attacks on organisations within the region have also surged by 17 percent year-on-year in 2025, highlighting that cyberattacks remain a significant challenge for SMBs.

Their top challenges include the rise of commoditized ransomware, phishing attacks, and staff shortages. Each issue poses a significant risk and overwhelms lean teams.

The good news is that none of them requires an enterprise budget to address. The solution in each case is the same: reduce complexity, consolidate visibility, and build on what your existing team can realistically manage.

Challenge 1: The commoditisation of ransomware

Ransomware was once the domain of sophisticated, well-resourced criminal groups. That is no longer the case. The rise of Ransomware-as-a-Service (RaaS) means that relatively low-skilled attackers can now purchase pre-built ransomware kits and deploy them against businesses of any size.

For SMBs, this shift is significant. Ransomware groups have also become more targeted and financially precise, calculating their demands based on what a victim can plausibly pay. Around half of organisations now consider ransomware their top cyber risk, according to the World Economic Forum.

Addressing this requires a layered approach rather than a single tool. Anti-ransomware protection driven by machine learning can block known threats automatically, while AI-powered behavioural analytics can identify suspicious patterns that signature-based controls miss. Automating endpoint isolation limits how far an attack can spread, and alert aggregation helps teams investigate potential incidents without being overwhelmed. Regular data backups and user awareness training round out a strategy that treats ransomware as a constant, manageable risk rather than a catastrophe.

Challenge 2: Most breaches involve the human element

Phishing continues to be one of the most effective initial attack vectors, largely because it targets the one element no technical control can fully secure: human judgment. Modern phishing attacks are convincing, often exploiting legitimate-looking emails, trusted sender identities, and, increasingly, AI-generated content that personalizes messages at scale.

The statistics make uncomfortable reading. User execution and phishing techniques rank among the top three threats, according to “Anatomy of a Cyber World: 2026 Security Services Global Report”, which demonstrates that users are still a weak link. For many SMBs, the organisational structures and resources that large enterprises use to build a strong human firewall simply do not exist.

An effective defense needs to work across three dimensions simultaneously:

Process controls, such as multi-person authorisation for high-value transactions and tightly governed access to sensitive data, reduce the blast radius when someone does click.

People-focused training that is continuous rather than periodic, with automatic re-enrolment triggered by risky behaviour, turns mistakes into learning moments.

Technology that provides real-time scanning of emails, links, and attachments, combined with behavioural controls that act after a click, provides the technical backstop.

None of these layers alone is sufficient; together, though, they significantly reduce both the likelihood and the impact of a successful phishing attack.

Challenge 3: Staff shortages and the skills gap

Three-quarters of businesses consider the cybersecurity skills shortage a serious issue, according to Kaspersky data. For SMBs, the consequences are particularly acute. Most cannot compete for dedicated security talent, which means general IT staff often serve as the de facto first line of defense against sophisticated threats they were never trained to handle.

A dangerous middle ground exists. Advanced cybersecurity training is too specialized for IT generalists, while basic cyber hygiene programs don’t equip them to investigate or respond to real incidents. The result is that skilled attackers slip through gaps that a dedicated security team might catch.

The sustainable response is to deliberately upskill existing IT staff into cyber first responders. For generalists and sysadmins, this means building practical skills in incident response fundamentals, secure cloud configuration, and working effectively with EDR and XDR tools. IT teams benefit from training that helps them recognize and triage security alerts, not just IT tickets.

Formalizing security responsibilities in job descriptions helps ensure these capabilities are retained and developed over time, and investment in training can help improve employee loyalty, reducing the churn that compounds the skills gap in the first place.

Building resilience without building complexity

The common thread running through each of these challenges is complexity. SMBs are making diligent efforts to take cybersecurity seriously, but they are facing difficulties in keeping pace with a threat environment that has evolved more rapidly than their tools and teams can manage. Adding more products rarely solves this problem; in fact it frequently deepens it, increasing alert volume, integration overhead, and the risk of coverage gaps.

The more effective path is consolidation: converging prevention, detection, response, and awareness into platforms that are genuinely manageable by small teams. To protect against the wide range of threats targeting small and medium-sized companies, organisations can look to solutions that provide real-time protection, threat visibility, investigation, and response capabilities spanning both EDR and XDR, adapted for lean teams. Companies that don’t have the time or resources to develop internal expertise can instead choose robust managed protection through a tailored MXDR solution.

When complexity decreases, resilience follows. Incidents are contained faster, downtime is reduced, and teams regain the capacity to be proactive rather than permanently reactive. SMBs can explore how to enhance their security posture with guidance tailored specifically for their environment. With this knowledge, they can enhance their processes and build solid cyber resilience.


Simon Tung is the General Manager for Kaspersky in ASEAN (Association of Southeast Asian Nations) and AEC (Asia Emerging Countries). Effective October 2025, he leads the company’s strategic direction and business operations across the region, focusing on empowering organizations and governments to navigate an increasingly complex threat landscape.

His primary focus is on accelerating growth, building key partnerships, and enhancing the delivery of Kaspersky’s innovative solutions to meet the evolving needs of customers and partners in the digital era.

Simon has over three decades of extensive experience in the technology sector, with a proven track record of building and scaling businesses across Asia Pacific. He combines financial discipline with strategic foresight to deliver sustainable results. He has successfully transformed underperforming units, doubled revenues, and launched new business models that accelerated market expansion during his stints in companies like Crayon, Microsoft, and SAP.

He holds a Master’s Degree in Business Administration from the University of Adelaide, Australia, is a Chartered Certified Accountant with ACCA (UK), and has an SMU-SID Accredited Diploma in Directorship from Singapore Management University, Singapore.

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure and governments around the globe. The company’s comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and nearly 200,000 corporate clients protect what matters most to them.

TNGlobal INSIDER publishes contributions relevant to entrepreneurship and innovation. You may submit your own original or published contributions subject to editorial discretion.

Featured image: Tima Miroshnichenko on Pexels
