Singapore is a highly-connected country that consists of a strong network of Small and Medium Enterprises (SMEs). However, despite several efforts made in the past to strengthen the security of this network, these SMEs have been, and continue to be vulnerable to cyber attacks.
In 2017, there was a significant rise in the cybercrimes in Singapore, as reported by the Singapore Police Force (SPF). Over 5340 cases of cybercrime were reported which is a 1% increase from 2016 taking the overall percentage of cybercrimes to 16.6%. Just recently in July, hackers infiltrated the SingHealth system and gained access to the personal data of over 1.5 million people.
According to the Singapore Cyber Landscape 2017 report by the Cyber Security Agency of Singapore (CSA), almost 40% of all cyber attacks in Singapore target the SMEs. What is even more alarming is that these are just reported cases which means that this percentage is likely to be much higher in reality.
The report by the CSA highlights numerous figures and statistics on cyber threats that SMEs in Singapore faced in 2017 and urged the need for robust security mechanisms.
Here is a breakdown of how the numbers looked like for common cyber threats such as website defacements, malware infections, and phishing:
- Website Defacements: In 2017, Singapore had 2040 reported cases of website defacements and the majority of these defaced websites belonged to SMEs from different industries such as retail, manufacturing, and information technology.
- Malware Infections: These infestations of malware were reported in the form of ransomware and compromised systems.
- Ransomware: Singapore and SMEs, in particular, were not affected as severely by ransomware as other forms of cyber attacks. In 2017, there were 25 cases of ransomware reported to the SingCERT which included the WannaCry, Dharma, Sage, and Cerber campaigns wit ransom demands ranging between $2000 – $4000.
- Compromised Systems: The CSA monitored an average of 2700 botnet drones on a daily basis and 750 Command & Control servers in 2017. Through this, the CSA was able to detect 400 variants of malware out of which the five variants that caused most of the infections included Sality, Cutail, Mirai, Conficker, and WannaCry. The concern here is that most of these malware variants are not new which means that the systems are not being scanned for viruses on a regular basis.
- Phishing: The most alarming fact is that numerous SMEs reported phishing as the most common cyber attack that they witnessed. This shows the lack of both cybersecurity protection and basic education for employees regarding security measures. Phishing is by far the simplest and surprisingly, the most effective methods that hackers use to steal credentials and other personal data. This is done by tricking the users with dubious attachments or links, often by impersonating big companies such as Google. Out of the 23420 phishing URLs found by the CSA, almost 40% spoofed technology websites such as Microsoft.
The importance of cyber security for SMEs:
Businesses, particularly SMEs, are the most common targets of cyber attacks in Singapore. The reason for this vulnerability is because SMEs lack the resources and the knowledge to adopt the necessary cyber security solutions.
Currently, many of these SMEs are without business continuity plans or a cybersecurity program. Such companies are exposed to ransomware, malware, and a variety of cyber threats.
The pitfall of not having an adequate cyber security system in place is that it can incur losses in the form of money and downtime for businesses. According to SingCERT, SMEs lost millions of dollars to phishing scams in the past year whereas the Osterman Ransomware Survey shows that 60% of cyber attacks take 9 hours or more to resolve, which is equivalent to a full working day.
There are a number of steps that SMEs can take in order to bolster their cybersecurity:
- Patch their system regularly to ensure that known security exploits and bugs are fixed.
- Foster a culture of cybersecurity within the organization and educate employees on the basics so that they can learn how to avoid being scammed by phishing attacks and similar cyber threats.
- Standardize and automate incident response protocol through machine learning based cybersecurity programs.
- The IT staff should be put on the front line to counter the risks posed by cybercrime.
Other than the organizations themselves, the CSA is working closely with its partners to improve Singapore’s resilience to cybercrimes. These efforts the introduction of a Cybersecurity Act, campaigns such as GoSafeOnline and SingCERT, and the development of Smart Nation initiatives for improving the awareness about cybercrimes.
Cyber threats to Singapore SME are on the rise for the past few years with the number of incidents increasing significantly. The lack of awareness coupled with the absence of cybersecurity systems in SMEs are the primary causes behind this upsurge in cyber attacks. The next step forward for SMEs is to work together with the CSA to improve their own and Singapore’s overall cyber resilience.