Seven in 10 cyberattacks detected in Singapore this year originated from Asia, with organisations taking more than six months on average to detect the data breach.
China is the top source of these security incidents, accounting for more than one-fifth (22.8%) of them. It is followed by India (18.4%), Russia (11.3%), the United States (10.6%) and Taiwan (7.6%).
These insights were derived from research developed by Ensign InfoSecurity (EIS), Asia’s largest pure play cyber security firms, from the period of October 2017 to March 2018.
The research also revealed that three in four (73%) security incidents were related to port scanning, which is used by attackers to identify open and vulnerable services on a server or host. This allows attackers to discover vulnerabilities that can be exploited. Exploitation can take the form of subsequent malware and phishing attacks which can be launched on these systems. Successfully compromised nodes have been found to be used as command and control nodes (18%) and botnets (9%) as the most prevalent forms.
Small Medium Businesses and organisations in the Education and Infocomm sectors are among the top targets for port scanning.
Botnets, malware, phishing and DDoS attacks round up the top security threats identified in Singapore.
This year, as more companies undergo digital transformation and adopt advanced technologies to gain an edge over their competitors, cybersecurity should be top of mind. EIS outlines five key predictions that will impact enterprises in the region.
1. Compliance costs will grow as governments deal with cyber threats
As businesses become increasingly digitalised, they also become targets of cyber attackers gunning for their valuable consumer data. In response, governments are enacting privacy and cyber security legislation to protect consumer data. Notable examples include the EU General Data Protection Regulation (GDPR), and the Singapore’s Personal Data Protection Act (PDPA).
Businesses will need to set aside larger compliance budgets to ensure that their digital infrastructure is well calibrated and compliant with privacy and cyber security law.
2. Growing attacks on mobile, cloud platforms and SCADA systems, as these systems become more connected
Mobile and cloud platforms are becoming increasingly popular as companies embark on digital transformation projects to improve productivity and cost savings. This includes integrating multiple digital platforms including mobile devices, scaling up cloud operations, and enabling remote access.
Critical infrastructure owners are undergoing digital transformation of Operation Technology (OT) environments for increased productivity, visibility, and automation. However, this exposes previously air-gapped systems that have no inherent security. OT devices are built for service reliability and not security, and lack basic security features such as encryption and authentication.
These business enhancements increase the attack surfaces of a company’s IT and OT environments, and place sensitive and valuable data and access within reach of attackers. This will only serve to encourage more cyber-attacks on these platforms.