Singapore has just added Digital Defence as the sixth pillar to its Total Defence framework, highlighting the threat that cyber attacks and disinformation pose, and the importance of cybersecurity for the nation.
In his Total Defence Day message last month, Singapore Defence Minister Ng Eng Hen emphasised the need to stay vigilant against threats from today’s digital domain.
"Security threats can be real and physical like terrorism or, just as damaging, can come through the cyber world," he said. "Malicious malware can cripple our systems."
Given Singapore's Smart Nation drive, and with digital technology now present in virtually all aspects of how we live, work, and play, the digital revolution presents both tremendous opportunities and huge risks for the country.
We continue to see ransomware dominating headlines in Singapore and the wider Asia-Pacific region, with attacks like the SingHealth breach, the largest cyber breach in Singapore’s history, plus global attacks like NotPetya and WannaCry signalling an epidemic and proving that any business, no matter how big or small, can be an attractive target for cyber criminals.
More needs to be done from the ground-up
As the sixth pillar in Singapore’s defence strategy, next to Military, Civil, Economic, Social, and Psychological Defence, Digital Defence, should not be overlooked, and this needs to start from the ground-up.
In Singapore, small and medium-sized enterprises (SMEs) make up 99% of businesses, also employing more than 65% of the population. And it is exactly this group which tends to be the most vulnerable, owing largely to their more limited resources and manpower, which results in making them less equipped than larger enterprises in dealing with cyber attacks, making it easier for even the most basic attacks to be successful.
Weakest link in the Singapore supply chain
SMEs are also the first link in Singapore’s business supply chain – as the subcontractors and vendors of larger enterprises and Government, providing everything from cleaning services to air conditioning, engineering to human resources and marketing. Therefore, they are also the weakest link, representing the soft-underbelly of business - well-placed backdoors for cybercriminals eager to access their primary targets. And as Singapore SMEs move to digitise their business transactions, they present even greater opportunities for online attacks.
Worryingly, a recent survey revealed that 63% of SMEs in Singapore felt they were less vulnerable to attack than larger enterprises, even though more than half (56%) admitted to suffering cyber-attacks in the past 12 months.
Truth is, many SMEs still operate with an “it’ll never happen to me” mentality, while others claim they can’t afford cyber defence solutions. Neither of these mindsets is particularly helpful – and it should always be remembered that preventing an attack is far less costly than remediating one.
According to Ponemon Institute, cyber attacks cost SMBs an average of over $2.2 million, which is made of clean up costs and the costs associated with business disruption. This cost has the potential to swallow SMEs whole, and in fact, many simply never recover.
These days, thanks to the introduction of the EU General Data Protection Regulation (GDPR) and Singapore’s own Personal Data Protection Act (PDPA), it’s never been a more important time for SMEs to keep a keen eye on how they are managing and protecting their customers’ data, which is now legally a key responsibility for all businesses.
Part of this includes ensuring that they are doing what they can to secure their network. This makes it paramount for SMEs to ensure they have robust cybersecurity software to protect against a wide range of threats, whilst also practicing good cyber-hygiene, including replacing legacy systems with cutting-edge tech where necessary, and making sure to regularly update software and install patches to protect against emerging threats.
BCDR = Life Saver
The second of the SME-must-haves is Business Continuity and Disaster Recovery (BCDR), which is basically a life-line in case the worst should happen – helping to protect critical systems and data while keeping the business up and running, avoiding the costly effects of downtime for SMEs.
Get Clued Up
Lastly, even the best security set-up can fall flat on its face if the team continues to create risk by behaving irresponsibly online. SMEs need to make sure that all team members are aware of cyber risks and know the basics in how to avoid clicking on malicious links and other activities which open the door to cybercrime. Having company policies and protocols in place can help to cement these ideas – and should form the backbone of any organisation’s security framework.
Ultimately, robust digital defence for SMEs shouldn’t need to cost the earth, but the cost of an attack just might. A watertight security posture mostly comes down to forward planning and common sense, but the rest is about doing your homework and making sure you have the right solutions to provide your business and your customers with the very best digital defence.
James Bergl, Director, Datto APAC