(Photo by Roslan RAHMAN / AFP)

How prepared are Singaporean SMEs to deal with cyber attacks?

SMEs are still facing cyber attacks despite improving their cybersecurity protection. According to Cisco’s Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense study, one in two SMEs across the Asia Pacific suffered a cyber incident in the past year.

Looking specifically at Singapore, two in five SMEs have suffered a cyber incident in the past year, with 56% of these incidents seeing customers lose information to the hands of malicious actors. While Singapore’s figures are slightly better compared to the rest of the region, the reality is, SMEs are still having to deal with cyber attacks.

Interestingly, the study also showed that SMEs in Singapore are more apprehensive about cybersecurity risks, with 67% saying they are more worried about cybersecurity now than they were 12 months ago, and 77% saying they feel exposed to cyber threats. However, they are not giving up. The study highlights that SMEs in Singapore are taking strategic measures like carrying out simulation exercises to improve their cybersecurity posture.

This is particularly timely as Singapore has once again required businesses to have their employees work remotely due to a resurgence of COVID-19 cases. While its uncertain how the move will affect businesses, Andy Lee, Managing Director, Cisco, Singapore, and Brunei, believes that most businesses are now well prepared to deal with the changes.

For Andy, the previous remote working conditions would have given businesses enough time and experience to be better prepared to cope with remote working. However, Andy also feels that SMEs still need to ensure they are putting to practice the best cybersecurity measures and keeping tabs on their remote working employees.

(Photo by Roslan RAHMAN / AFP)

“SMEs in Singapore have digitalized rapidly over the last 18 months, driven by the need to leverage technology to survive and thrive in this challenging environment. This has in turn fueled a critical need for SMEs to ensure they have the solutions and capabilities to safeguard themselves on the cybersecurity front.

This is because the more digital they become, the more attractive a target they are for malicious actors. While the growing cybersecurity concerns among SMEs may be seen as negative by some, it is actually an encouraging sign as it demonstrates increased levels of awareness and understanding of cyber risks, which is the first step in improving the security posture,” said Andy.

Phishing and malware cyber attacks are still a big problem

In fact, the report showed that malware and phishing continue to be common threats being faced by businesses. Malware attacks, which affected 79% of SMEs in Singapore, topped the charts, followed by phishing, with 70% saying they experienced such attacks in the past year.

The problem that arises from these attacks has seen severe revenue disruption for SMEs. 52% of SMEs admitted that cyber-attacks have had a negative impact on their reputation. Disruptions caused by cyber incidents can have serious implications for SMEs with nine in ten Singaporean SMEs saying a downtime of anything more than an hour result in severe operational disruption, and 90% said it would result in loss of revenue.

Affected businesses also said a downtime of more than a day would result in a permanent closure of their organization. Despite these significant implications to business, only 8% of respondents in Singapore said they can detect a cyber incident within an hour. The number of those that can remediate a cyber incident within an hour is even lower at 5%.

And this is where the problem really begins. How do businesses, especially SMEs know that they have been attacked or suffered a data breach? Ransomware and DDoS attacks will normally ask for ransom, but other forms of attack may leave the business unaware until significant damage is made.

“We are living in a world where customers seek instant gratification. They no longer have the patience for lengthy downtimes. SMEs must be able to detect, investigate, and block or remediate any cyber incident in the shortest time possible. To be able to do that, they need the right technologies and ensure that all the solutions they have to integrate well with each other. This can be achieved by having clear visibility across their userbase and entire IT infrastructure and taking a platform approach to cybersecurity,” said Juan Huat Koo, Director, Cybersecurity, Cisco, ASEAN.

Increasing cybersecurity investment

But then again, how much cybersecurity can SMEs afford to invest in? Most of these businesses are already facing losses and struggling to cope due to the pandemic. For them, it is more of a question of survival instead of protection. Many had trouble integrating security together while 94% said they had the right technologies in place, but not enough employees with the right skills to leverage them.

However, despite this, 80% of SMEs in Singapore have increased their investment in cybersecurity since the start of the pandemic. These investments are well distributed across areas such as cybersecurity solutions, compliance or monitoring, talent, training, and insurance, suggesting a strong understanding of the need for a multi-faceted and integrated approach to building a strong cyber posture.

In the Asia Pacific, 81% of SMEs have also completed scenario planning and/or simulations for potential cybersecurity incidents in the past 12 months and the majority have a cyber response (81%) and recovery plans (82%) in place. Investments in the region have also increased with two in five SMEs increasing their investments by more than 5%.

At the end of the day, SMEs need to ensure they have adequate cybersecurity to protect their company. Remote working employees are vulnerabilities that should have been dealt with, given the fact the remote working is the new normal. While humans are often considered the weakest link, even a simple email spam detection software from cyber attacks may just make a difference for an SME.

It is not going to be easy to run a business remotely. But if SMEs have done it before, they can surely do it again, provided they take the right steps in securing their business and ensuring continuity.