The cybersecurity landscape in Singapore and the wider Asia-Pacific region continues to evolve, and the past two years have brought some of the worst cyberattacks we have seen to this day.
In 2018, Singapore suffered an unprecedented attack on its public healthcare IT systems that compromised the personal data of about 160,000 patients. The attack followed similar data exfiltration efforts in other countries across the region, including the massive data breach that hit Malaysian telcos in 2017. In addition, ransomware attacks like WannaCry and NotPeya reminded us that no business is truly safe from attack.
Cybersecurity remains a serious issue in Singapore, as noted by Singapore’s Government which recently added Digital Defence as the sixth pillar of its Total Defence framework, highlighting the threat that cyber attacks and disinformation pose, and the importance of cybersecurity for the nation.
Yet despite all this, in its last public awareness survey, Singapore’s Cyber Security Agency (CSA) indicated that many Singaporeans are still complacent when it came to cyber-security issues.
Of the 2,035 respondents polled, about one-third stored their passwords in their computers, wrote them down or used the same password for work and personal accounts.
The survey also revealed a slight dip in the respondents’ levels of concern towards cyber threats, while over half of the respondents felt that cyberattacks such as malware and online scams would not happen to them.
There is no easing of the situation in sight and the success of cyber criminals is favoured by several factors, including their tendency to target the weakest links in business – AKA the end users. On the other hand, the companies concerned often have no strategy and rely on inadequate individual solutions to defend themselves against attacks.
But how should companies and their IT consultants address these problems? Here are three steps to drastically reduce the cyber threat:
1. Education all the way!
The most popular gateway for malware is still email. But infected websites and clickbait are also very popular with cyber criminals. With regular and compulsory training for their employees, companies can make a decisive contribution to curbing one of the main causes of successful attacks. External IT consultants should include phishing awareness campaigns, etc., in their service offerings to keep their customers up-to-date and proactively take necessary action.
2. Don’t forget to patch!
It goes without saying, but professional patch management can go a long way in closing pesky security gaps in the network - therefore significantly reducing the attack surface for criminals. For effective patch management, IT experts use RMM tools (remote monitoring & management) to install updates on each device. The latest generation of RMM tools offers automated patch management for third-party software. This ensures that the company's end devices are automatically updated as soon as security gaps are detected and closed. For external IT service providers, a first-class RMM solution is a sure-fire way to ensure the IT security of their customers.
3. Business must go on…
Prevention is always better than remediation, however as the threat landscape continues to evolve and cybercriminals advance their tactics, the likelihood is that those who want to get in will get in. This makes it essential to have the right solutions in place to safeguard your system in the worst-case scenario. For most businesses – that means data and their ability to continue to serve their customers without interruption. Guaranteeing business continuity is the ideal – so having a good business continuity and back-up solution in place to get you back up and running ASAP following an attack should be high up on your priority list.