Treading the cybersecurity quicksand: a guide for SMEs and startups

Edmund How, Founder, ONESECURE

The Cyber Security Agency of Singapore (CSA) reported a staggering 175% increase in phishing attacks from the 3,100 attempts reported in 2021. Over half of these attacks are specifically targeted at businesses, with scammers attempting to deceive employees through fraudulent emails and unassuming ransomware.

As technology progresses and cyberattacks continue to evolve, SMEs and startups that lack the facilities and resources in terms of skilled manpower and security technology are finding themselves in a far more vulnerable position than ever before.

In fact, two in five SMEs have suffered a cyber incident in the past year, with 56% of these incidents seeing customers lose information to the hands of malicious actors.

And this wave of cybercrimes is only set to exacerbate further with the growing influence of artificial intelligence (AI), which has unlocked new possibilities for cybercriminals as information is now being traded across the web for AI-generated services. Not to mention the rise of hybrid working and work-from-home schemes, which present further complications for SMEs, as data becomes more vulnerable.

In exchange for efficiency, we have unintentionally opened doors for a multitude of cyber threats. Today, over 70% of SMEs in Singapore feel underprepared for a cyberattack. But only 26% of SMEs have cyber insurance to cover their losses. It is clear that SMEs are the most vulnerable when it comes to cybercrime.

Having worked with over 100 SMEs and large-scale enterprises in Singapore over the past decade, I believe that cyber protection does not have to be an insurmountable challenge for small and medium-sized businesses (SMEs) and startups.

In fact, it only takes small (but consistent) steps to safeguard data and assets in the face of rising cyber threats. But the key is taking the first step, and taking ownership of the company’s cybersecurity defences. This means starting from the ground up.

Invest Time in Employee Training

As they say, a team is only as strong as its weakest link. One of the most effective ways to fortify a business against phishing attacks is through regular employee training across the board. Employees should develop a culture of scepticism towards emails and requests, and learn to identify common cyber threats such as phishing attacks and social engineering attempts as they arise.

By learning how to spot regular patterns through simulated phishing attacks, modular cybersecurity courses or workshops, employees can learn to recognise and report fraudulent emails, helping the company respond to breaches in real-time. These training programs are readily available online and Managed Security Service Providers such as ONESECURE also offer hands-on training for internal cybersecurity teams to help them navigate and tackle security threats and vulnerabilities.

Invest in Cybersecurity Insurance

Recent reports indicate that small and medium-sized businesses account for 43% of all cyberattacks in Singapore, resulting in an average loss of $25,000 due to ransomware and phishing attacks.

But shockingly, only 26% of Singaporean SMEs have cybersecurity insurance, leaving them vulnerable to significant financial losses when cyber attackers strike. In the near future, cybersecurity insurance is set to become an industry standard to help companies cover their losses.

As such, it is no longer a want but a need for startups and SMEs to allocate a considerable portion of their budget to cybersecurity insurance, particularly in the areas of third-party protection and remediation.

Invest in Global Cybersecurity Solutions

As cybercrimes become increasingly sophisticated, it is also imperative that the business’ defence measures keep pace. Small businesses often lack the resources to establish a robust in-house cybersecurity team.

This is where Managed Security Service Providers come into play, offering smaller companies access to world-class cybersecurity solutions at a fraction of the cost. Beyond that, it is also the ability to provide expert advisory services and round-the-clock cybersecurity monitoring that can effectively help to safeguard business against phishing attacks and other cyber threats.

Beyond cost protection, Managed Security Service Providers partner with global security providers to help scale their portfolio of cybersecurity solutions and ensure that they are up to date with ever-evolving cyber threats. With the guidance and support of Managed Security Service Providers, businesses can fortify their defences and stand a better chance against the evolving landscape of cyber threats.

As we contemplate the future of cybersecurity, it is evident that cyber threats will continue to pose increasingly great risks to businesses of all sizes. To thrive in this digital age, companies must remain agile and proactive in safeguarding their data and assets. The rise in phishing attacks in Singapore serves as a stark reminder that every organisation, regardless of its scale, must prioritise cybersecurity.

To navigate the treacherous waters of the digital world, SMEs and startups must invest in employee training, consider cybersecurity insurance, and harness global cybersecurity solutions. These steps can help level the playing field and empower smaller businesses to protect their most valuable assets as they look to scale.

But this is just the beginning.

Cybersecurity is an ongoing journey, a race where staying ahead is the key to success. As we look to the future, the question does not lie in whether cyber threats will persist, but how well-prepared businesses will be in navigating the ever-shifting digital landscape.

By investing in the training of employees, embracing cybersecurity protection and partnering with experts, not only are businesses safeguarding their prospects and growth potential; they are paving the way for a more collaborative and secure future that can allow others to thrive in a world teeming with digital possibilities.