David Bernstein, President of Bernstein Agency, once said, “For every lock, there is someone out there trying to pick it or break-in.” And it is this scenario that is causing concern among Singapore’s small and medium-sized businesses (SMBs).
Cisco announced a new study at a recent Singapore Virtual Media Roundtable, stating that 40% of SMBs in Singapore experienced a cyber incident in the previous year. As a result of these incidents, 56% of customer information were compromised at the hands of malicious actors.
This is making SMBs in Singapore more concerned about cybersecurity risks, with 67% saying they are more concerned about cybersecurity now than they were a year ago, and 77% saying they are vulnerable to cyber threats. However, SMBs in Singapore are not giving up. In fact, the study emphasises that they are taking strategic measures to improve their cybersecurity posture, such as conducting simulation exercises.
The study, titled ‘Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense,’ is based on an independent, double-blind survey of over 3,700 business and IT leaders with cybersecurity responsibilities in 14 Asia Pacific markets. According to the survey, SMBs witnessed a plethora of ways in which attackers attempted to infiltrate their systems.
Juan Huat Koo, Director, Cybersecurity, ASEAN, Cisco, said that “85% of respondents in APJC and 79% of respondents in Singapore are affected by malware that is coming into the environment from a cybersecurity perspective. [And] phishing comes second in the list with 70% [respectively for both APJC and Singapore]. [While] denial of service attack comes third with 64% in APJC and 56% in Singapore.”
These incidents are having a real impact on Singapore’s SMBs. According to the report, more than half of the SMBs in Singapore that suffered cyber incidents in the past 12 months said that these cost the business USD $500,000 or more, with 11% saying that the cost was USD $1 million or more.
Besides the loss of customer data, SMBs that suffered a cyber incident also lost employee data (51%), financial information (51%) and sensitive business information (41%). In addition, it was also reported that 93% of SMBs who experience a downtime of more than an hour experience a severe operational disruption, with 90% reporting a loss of revenue.
Andy Lee, Managing Director, Singapore and Brunei, Cisco, said that “8% of SMBs in Singapore are able to detect a cyber incident within an hour and even lesser to be able to remediate a cyber incident within our hour at 5%.” This is concerning, and it leads him to believe that the longer the attackers can assess the system, the more things they tend to steal.
SMBs Will not Stand Still
The good news is that small and medium-sized businesses (SMBs) are taking action. Cisco’s study found that while SMBs in Singapore are more concerned about cybersecurity risks and challenges, they are also taking a proactive approach to understanding and improving their cybersecurity posture through strategic initiatives. According to the study, 72% of Singapore SMBs completed scenario planning and/or simulations for potential cybersecurity incidents in the previous 12 months, with 82% reporting that simulation exercises revealed weaknesses.
Of those who identified flaws, 92% said they lacked the necessary technology to detect a cyber attack or threat. While 94% said they had too many technologies and struggled to integrate them.
“Meanwhile, 90% said that they discovered that they did not have clear processes in place on how to respond when they have a cyber security attack or track. This is absolutely critical because we all know that it’s never the crisis that hurts you but it’s how you respond to it that determines the expense of its impact,” said Andy.
The good news is that SMBs are generally investing heavily in cybersecurity. Andy stated that these investments are not only well distributed but also aligned with help addressing cybersecurity challenges, such as cybersecurity solutions, training, talent, compliance and monitoring tools, and insurance, implying a strong understanding of the need for a multi-faceted and integrated approach to building a strong cyber posture.
Furthermore, Juan Huat concluded the session by emphasising the recommendations that organisations of all sizes can use to improve their cybersecurity posture in the face of an ever-changing landscape. These include:
Having frequent discussions with senior leaders and all stakeholders.
Taking a simplified, integrated approach to cybersecurity.
Remaining prepared through real-world simulations.
Training and educating employees.
Collaborating with the right technology partner.
Based on these rising statistics and points of discussion during the briefing, Cisco executives made it abundantly clear that SMBs can no longer afford to rest on their laurels and take cybersecurity lightly. Especially as criminal hacker groups become more sophisticated in their cyber attack strategy, it is critical for organisations to analyse their mitigation strategy, be vigilant, and train their employees.