Serious Cyber Attacks In Singapore Reflect Poor Cyber Security

Uploaded on 2019-10-21 in FREE TO VIEW

Cyber company breaches are becoming very common yet cyber security is not as good as it should be. A recent report by a cyber security firm Carbon Black, showed that as many as 96 per cent of organisations in Singapore have had at least one breach in the past 12 months due to external cyber-attacks.

Carbon Black’s second edition of the Singapore Threat Report, released on this month, also showed that close to half of the companies affected by data breaches incurred financial losses, while around eight in 10 saw their reputation taking a hit.

The report was based on a survey of more than 250 chief information officers, chief technology officers and chief information security officers (CIOs, CTOs and CISOs) working across a range of sectors here. They are from the financial, healthcare, government, retail, manufacturing, food and beverage (F&B), utilities, professional services, and media and entertainment sectors.

  • Of the organisations surveyed, 96 per cent said that they had suffered one or more breaches in the past 12 months due to external cyber-attacks. This percentage has not changed since the previous survey results were released in January this year. 
  • Of those that had experienced a cyber-attack, 48 per cent said that there was “negative financial impact” while 83 per cent reported damage to their reputation.
  • Furthermore, 93 per cent of these organisations reported an increase in cyber-attacks in the past year, marginally more than 92 per cent of the respondents in the previous survey. Predominantly, these were government organisations and authorities, as well as F&B businesses.

In terms of the sophistication of the attacks, just over nine in 10 of respondents said that the threats they were experiencing had grown in complexity.

This was most prevalent in the financial services sector, with 93 per cent of the firms reporting that cyber-attacks have become more sophisticated.

Challenges and Concerns

A key challenge reported by businesses is that while they would like bigger teams to combat cyber-attacks, 67 per cent of them said that recruiting and training cyber security personnel has become more difficult in the last 12 months. Nearly half (44 per cent) of financial services companies reported that recruitment challenges have become a lot more severe, while almost two-thirds of government organisations and local authorities reported a little more difficulty in recruiting.

Carbon Black’s report added that 98 per cent of CIOs and CISOs surveyed are concerned about how digital transformation projects and the roll-out of the 5G network would affect cyber security. Some were concerned that these changes would see more effective and destructive methods of cyber-crime happening (55 per cent), while others (54 per cent) thought that it would give more opportunities for cyber criminals to attack their organisations.

The top three types of cyber-attacks encountered by organisations in the past 12 months were:

1. Ransomware (15 per cent). Ransomware, used commonly by hackers to steal data, remained the most frequently used technique. In the previous survey, 28 per cent of the attacks were from ransomware. Hackers generally cut off access to the IT system and steal data until a ransom is paid before the attacker will unlock access. 

Carbon Black said that ransomware has been reported as the primary cause of successful breaches in 29 per cent of Singapore organisations, compared with 26 per cent in its January report.

The companies most affected by ransomware attacks were those in travel and transport (75 per cent) as well as financial services (49 per cent).

2. Fileless attacks (13 per cent). This is a malicious attack that does not require the hacker to install a software in the user’s device. Instead, it makes use of applications that are already installed which are thought to be safe.
 
3. Malware (13 per cent). This form of attack requires the installation of malicious software, which can be done through physical USB drives, computer viruses, worms, Trojan horses or spyware.

Reasons for Cyber Attacks

Carbon Black’s security strategist, Mr Tristan Morris, said that geopolitical tensions and money are two reasons why Singapore businesses are witnessing an increase in cyber-attack volumes and sophistication. “Geopolitical tension continue to play out in cyber space with nation states like Russia, China, North Korea and Iran looking to exert their influence over the world,” Mr Morris said.

Cyber-crime syndicates and run-of-the-mill hackers are also getting their hands on advanced hacking tools in an effort to steal data and other intellectual property for sale on the dark web. When it comes to the levels of sophistication, he said that attackers are “evolving” alongside security technology in an effort to remain undetected.

Mr Tom Kellermann, Carbon Black’s cyber security officer, offered another reason, saying that a large number of banks from around the world are located in Singapore and, globally, the finance industry continues to be a main target for attacks.

Investment in Cyber Security

The report stated that 99 per cent of the respondents plan to increase the cyber-defence budget for their respective companies in the coming year. This is a slight increase of 2 per cent since the January survey. Just under half of the respondents (40 per cent) said that they will increase spending in this area by 21 to 30 per cent. Only 2 per cent of the respondents said that they plan to increase budgets by more than 50 per cent.

Threat Hunting as a Defence

Carbon Black said that threat hunting, a technique where cybersecurity professionals actively seek out threats, has proved to be an effective method for companies in Singapore to uncover malicious cyber-attack activity. During the survey, 95 per cent of the respondents said that it had strengthened their defences to some degree, with 40.5 per cent reporting a “significant protective effect”.

The report also noted that 91 per cent of the respondents found evidence of malicious activity by threat hunting, while 49 per cent said that they found “significant evidence”The top three sectors that saw evidence of malicious cyber-attack activity were travel and transport (75 per cent), F&B (73 per cent) and professional services (61 per cent).

Singapore Today

You Might Also Read: 

Cyber Security Does Not Follow From Cyber Awareness:

Singapore Upgrades Cybersecurity:

 

« Warning For Pilots To Counter Airborne Hacking
AI Security Tool Thinks Much Faster Than Humans »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

GovCERT.HK

GovCERT.HK

GovCERT.HK is the Government Computer Emergency Response Team for Hong Kong.

PFP Cybersecurity

PFP Cybersecurity

PFP provides a SaaS solution for life-cycle protection based on our IoT security platform and power usage analytics.

Information-Technology Promotion Agency (IPA) - Japan

Information-Technology Promotion Agency (IPA) - Japan

IPA is an implementing agency in Japan with a role to address Information Security, IT Systems Reliability and IT Resource Development.

National Defense Industry Association (NDIA) - USA

National Defense Industry Association (NDIA) - USA

The National Defense Industrial Association Cyber Division contributes to US national security by promoting interaction between the cyber defense industry, government and military.

EY Advisory

EY Advisory

EY is a multinational professional services firm headquartered in the UK. EY Advisory service areas include Cybersecurity.

AVeS Cyber Security

AVeS Cyber Security

AVeS combines expert knowledge and services with leading technology products to provide comprehensive Information Security and Advanced IT Infrastructure solutions.

Centro de Gestion de Incidentes Informaticos (CGII)

Centro de Gestion de Incidentes Informaticos (CGII)

CGII is the Computer Incident Management Center of the State of Bolivia.

Shieldfy

Shieldfy

Shieldfy is a cloud-based security shield for your website to protect it from cyber attacks and malwares.

FraudLabs Pro

FraudLabs Pro

FraudLabs Pro detects fraud and helps merchants to reduce e-commerce chargebacks by identifying high risk transactions.

Intracom Telecom

Intracom Telecom

Intracom Telecom is a global telecommunication systems & solutions vendor offering a complete range of professional services and solutions including Information Security.

X Technologies

X Technologies

X Technologies provide world-class engineering, information technology, information security, program management and repair services to Federal, State and commercial customers.

VCG Group

VCG Group

VCG provides everything you need for the design, implementation and management of data centres, cyber-secure enterprise networks, cloud and connectivity services.

Verichains

Verichains

Verichains Lab is a pioneer and leading APAC blockchain security firm with extensive expertise in the areas of security, cryptography and core blockchain technology.

CryptoDATA

CryptoDATA

CryptoDATA develops products and services based on Blockchain technology, that ensure user security and data encryption, applicable in various fields.

ZeroGPT

ZeroGPT

ZeroGPT.com stands at the forefront of AI detection tools, specializing in the precise identification of ChatGPT-generated text.

Inroad Technologies

Inroad Technologies

Inroad Technologies provide IT services that help keep your business computers, servers and networks secure and trouble-free.