In what may be a wake-up call for some companies, Singapore has the unwelcome distinction of being ranked 6th globally for having the most databases exposed to the web .
Part of the problem is that more people worked remotely through the pandemic – and it a trend that has continued. Robert Half’s Singapore Salary Guide confirms that 58% of Singaporeans are now working at home at least once a week . This is seeing corporate networks become more complex and extended, thereby heightening cyber-security risks.
The latest cyber-security risks for business
Cyber-risk is something no company in Singapore can afford to underestimate.
A recent report by the Cyber Security Agency of Singapore (CSA) highlighted the ongoing cyber threats facing companies in Singapore.
The CSA found:
- Ransomware attacks in Singapore rose 54% in 2021 compared to 2020.
- 55,000 unique Singapore-hosted phishing URLs (with a “.SG” domain) were observed in 2021 – an increase of 17% on the previous year.
- In 2021, CSA observed 3,300 malicious Command and Control (C&C) servers hosted in Singapore – more than triple the number in 2020.
- Over 400 ‘.sg’ websites were defaced in 2021, with the majority of victims being small and medium enterprises.
- The Singapore Police Force notes that cybercrime remains a key concern, with 22,219 reported cyber-crime cases in 2021, a 38% increase from 2020.
The potential for extensive financial damage
Failing to take action to address cyber-security risks for business can come at a tremendous price. And the damage bill can extend beyond the cost of disruption to trading activities.
Earlier in 2022, Singapore’s Minister for Communications and Information and Minister-in-Charge of Cybersecurity, Mrs Josephine Teo, announced increased maximum penalties for data breaches by companies under the Personal Data Protection Act (PDPA) .
From 1 October 2022, organisations which breach the PDPA may face penalties of up to 10% of annual turnover in Singapore or $1 million, whichever is higher.
5 strategies to protect against cyber-security risks
The bottom line is that cyber-security is no longer an issue that businesses in Singapore can treat as an afterthought.
Rather than waiting for a cyber-attack, it pays to assume your company will be targeted, and plan accordingly.
The catch is that cyber-security risks for business are constantly evolving. So, companies in Singapore need to evolve also, and embrace new strategies to improve their cyber-defences.
Here are five steps your company can take to avoid becoming the next victim of cyber-crime in Singapore.
1. Have cyber-security specialists on your team
Hiring professionals who specialise in cyber-security gives your company the frontline talent needed to have the right defences in place – and mechanisms tailored to your organisation.
As a guide, Robert Half is experiencing strong demand across Singapore for security architects, cyber security (or vulnerability) analysts and even C-Suite positions such as Chief Information Security Officers.
Having skilled security experts on your team allows the company to take a proactive approach to cyber-security risks for business and respond quickly in the event of an attack.
2. Upskill all staff
Cyber-security is a company-wide issue, and the increased use of technology in the workplace, coupled with the use of digital devices in remote workplaces, means every employee can contribute to cyber-security risks for business – or play their role protecting the business.
Every staff member needs to be encouraged to support cyber-security by knowing the risks and adopting appropriate behaviours to maximise cyber-security. This can include knowing who to contact in the event of a security breach, and only using work emails for business purposes.
3. Continually refresh company security policies
As the CSA notes, employees “are the first line of defence for their organisation’s cyber-security." But your team alone is not enough.
As cyber-threats continue to evolve, it is critical to regularly review and update cyber-security policies across the company. This comes back to the value of hiring professional cyber-security talent, who can manage this task on a timely basis.
4. Audit and update your systems
Cyber-security risks for business can typically be broken down across three main factors: People, processes, and technology. With the right experts in place and updated policies, companies can address the first two factors.
But technology itself needs to be managed. This means ensuring that operating systems and applications are kept up to date, and that network and computing devices are kept secure.
Security notifications and alerts sent from your operating systems, anti-virus software, web browsers and firewalls should all be addressed and actioned immediately.
5. Enhance your cloud security
Cloud computing is becoming the system of choice for many companies in Singapore and taking some simple steps can enhance your cloud security.
Consider whether all your files should be transferred to one cloud. You may decide to use a separate cloud for highly sensitive files.
Be sure to use encryption to secure your cloud systems and protect data whenever it is transferred from one network to another.
Remember to back-up data. Recovery is always far easier when back-ups are in place because of regular scheduled back-ups.
Cyber-security risks for business can be managed
The time to prepare your business against cyber threats is now.
By having the right tools, people and training programs in place, your company will be better placed to navigate threats when they arise.