Here’s how Singaporean SMEs should beef up their cybersecurity efforts

Singapore’s thriving network of Small and Medium Business Enterprises (SMEs) sets the buzzing metropolis apart from other small cities. In spite of the numerous efforts to nurture this network, many of these SMEs still fall prey to common cyberattacks. The latest report released by the Cyber Security Agency of Singapore (CSA) puts SMEs on the spotlight once more, with 40% of cyberattacks in Singapore targeting SMEs – and this is without taking into account the undisclosed cases.

Alarmingly, the figures show that a large number of SMEs in Singapore have yet to install any cybersecurity protection. They are completely exposed to malware, ransomware and a myriad of threats. But it is not all about having a system in place, it is about education as well. The most commonly reported threat by the CSA was phishing, which targets the most powerful yet vulnerable computer on the planet: the human brain. In 2017, a lot of companies received emails, SMSes or calls impersonating big-name companies requesting for employees to provide sensitive personal data — login credentials, credit card numbers, social security numbers, and bank account numbers—for fraudulent purposes. This puts them at risk where attackers can exploit credentials to commit crimes such as identity theft, draining bank accounts, or selling personal information on the black market.

Why it matters

For the many companies that are without a cybersecurity program or business continuity plan, a hack could spark the beginning of the end. According to the Singapore Computer Emergency Response Team (SingCERT), millions of dollars were lost through phishing scams where hackers impersonated company executives or business partners via e-mail.

Unpatched flaws on systems and software are another point of vulnerability for many enterprises. Osterman Research uncovered that more than 60 percent of attacks take organizations more than nine hours to remediate, the equivalent to a full working day. With the complexities involved in responding to malicious attacks, normal operations would cease in order to remediate the threats. SMEs would not be able to function efficiently – manufacturing companies wouldn’t be able to operate and monitor their factories, and normal operations would cease in order to remediate the threats from endpoints.

The cost to businesses and the complexity involved in responding to these types of incidents, continues to rise. Considering that SMEs play a large part in building the backbone of Singapore’s economy – they make up 99% of Singaporean enterprises, employ two-thirds of the workforce, and account for about half of Singapore’s GDP – all of these would lead to a loss of revenue.

Accelerating towards a secured future

While Singapore continually focuses on strengthening its overall cybersecurity posture, the majority of SMEs are slow at adapting cybersecurity measures as they don’t have the resources or skills to deal with cyber threats. However, they should start taking more proactive steps to beef up their cybersecurity efforts.

On one hand, it’s important to note that regardless of any cyber-attack an organization might face, fostering a culture of cybersecurity plays a massive role in arming employees with knowledge of what these attacks are and how they should respond if and when such incidents happen. Singaporeans lack awareness and basic knowledge regarding potential threats that are lurking online, and it’s also highly likely that the majority of them don’t practice or aren’t familiar with basic computing hygiene. This leaves their systems insecure and makes them easy targets for scammers and online criminals who would go after their money and personal information. Trainings on how to spot scams or how to keep the laptop clean would make a huge difference.

On the other hand, standardizing and automating incident response protocol could help SMEs reduce costs and preventing any potential attacks. While it wasn’t long ago when data breaches and other incidents required a customized, manual resolution, the power of today’s machine-learning and AI-powered cybersecurity programs make manual intervention almost obsolete. Human staff members are still needed to deploy and program these systems and monitor the processes used in the company. All these puts IT staff in the front lines towards the fight against cybercrime, as well as the opportunity to learn new concepts and technologies, positioning them ahead of their peers.

It’s a win-win situation for all parties involved. Owners and CEOs gain comfort knowing that their investments are well-protected. IT teams get to use their tools and knowledge. And employees don’t have to worry about their personal information falling into the wrong hands.

What’s next?

In the second half of the year, Singaporeans may see the continuous rise of Business Email Compromise (BEC) and mobile-phone related threats, such as SMS scams, phishing, and mobile malware. We could also observe a rising trend of reports on attacks caused by unpatched flaws on systems and software. Adapting cybersecurity technologies and policies coupled with ongoing education and awareness campaigns for businesses, government, and the nation can significantly impact the prevalence of phishing attacks, tech support scams, and malware infection. As Singapore takes more proactive steps to improve Her cybersecurity posture, She is heading towards the right direction for a cyber secured future.

Adam Kujawa is Director of Malwarebytes Labs