Singapore sees threefold increase in cyberattacks against SMBs

Photo by Philipp Katzenberger

Kaspersky’s latest statistics for Singapore revealed that small and medium businesses (SMBs) continue to be the target for cyber criminals in the city state.

Between the period of 1H 2023, SMB employees here encountered malware or unwanted software disguised as business applications with approximately 50 unique files being distributed in the time period. This resulted in approximately 453 unique attacks detected.

In comparison, 1H2022 saw only 24 unique files being distributed and 112 unique attacks detected.

Malware, an umbrella term for “malicious software”, is designed by and for professional cybercriminals to cause harm to a user’s device or network. It encompasses a variety of cyber threats such as Trojans and viruses (ransomware is a form of malware).

Malware attacks are destructive to small businesses as they can cripple devices requiring expensive repairs or replacement. Malwares also give attackers a back door to access and steal data, putting both customers and employees at risk.

The SMB Threat Statistics from the Kaspersky Network Security (KSN) telemetry gathered figures from six countries in Southeast Asia. KSN is a system for processing anonymized cyberthreat-related data shared voluntarily by Kaspersky users.

This finding is aligned with the findings of both the Cybersecurity Agency (CSA) and the Singapore Police Force, where in the last quarter, issued joint advisories on Malware ScamsMalicious QR codes and protecting against Malicious Wireless and Wired Connections.  

According to OCBC’s SME Index, whilst the health of SMBs continued to worsen in the second quarter of 2023, business owners continue to remain positive. Kaspersky noted that this uptick in attacks is expected to continue throughout the remainder of the year as SMBs wrap up the fiscal year. Kaspersky experts recommends that SMBs continue to stay vigilant against cyber-attacks and to plan accordingly for the upcoming fiscal year.

Yeo Siang Tiong, General Manager of Southeast Asia at Kaspersky said, SMBs continue to be the core of Singapore’s economy. As businesses focus on wrapping up projects for this fiscal year and begin planning for the year ahead, it is prudent to ensure that the good habits that are in place continue to be upheld and to ensure the appropriate infrastructure and additional safety nets are put in place as we enter the final fiscal lap for the year.”

Kaspersky shares below, tips to safeguard one’s business against cyber threats.

As cybercriminals target SMBs with all types of threats — from malware disguised as business software to elaborate phishing and e-mail scams — businesses need to stay on high alert. This is critical, because a single cyberattack can lead to catastrophic financial and reputational losses for a company. To keep your business protected from cyberthreats, we recommend you do the following:

  • Provide your staff with basic cybersecurity hygiene training. Conduct a simulated phishing attack to ensure that they know how to recognize phishing e-mails.
  • Set up a policy to control access to corporate assets, such as e-mail boxes, shared folders and online documents. Keep it up to date and remove access if the employee has left the company or no longer needs the data. Use cloud access security broker software that can help manage and monitor employees’ cloud activity and enforce security policies.
  • Make regular backups of essential data to ensure that corporate information stays safe in an emergency.
  • Provide clear guidelines on the use of external services and resources. Employees should know which tools they should or should not use and why. Any new work software should go through a clearly outlined approval process by IT and other responsible roles.
  • Encourage employees to create strong passwords for all digital services they use and to protect accounts with multi-factor authentication wherever applicable.
  • Use professional services to help you get the most out of your cybersecurity resources.
  • Use a security solution for endpoints and have a comprehensive defensive concept that equips, informs and guides your team in their fight against the most sophisticated and targeted cyberattacks.