Since the outbreak of COVID-19 earlier this year, the Singapore Government has introduced a raft of measures designed to encourage small and medium businesses (SMBs) digitalise.
Over S$500 million dollars were earmarked in the Government’s Fortitude Budget in May, with financial incentives dangled to encourage businesses to adopt e-payment, e-invoicing and other business process solutions.
Together, these initiatives have dovetailed well with existing programmes such as the Infocomm Media Development Authority’s (IMDA) Go Secure campaign which carries provisions to help SMBs adopt cybersecurity solutions and gain access to vulnerability assessment services.
While some statistics have painted a rosy picture of SMBs successfully digitalising during these difficult times, others have reported that the take-up rate has been slower for them.
For example, the results of the SMB Digital Transformation Study that were published in October showed that only two in five SMBs perceived their efforts to be successful, with 54 per cent blaming the COVID-19 outbreak for slowing their digital transformation plans, and 56 per cent saying that it was too expensive to digitalise.
With cash flow being a perennial problem for SMBs in Singapore when it comes to digitalisation, it is also equally important to pay attention to cybersecurity threats which can also result in significant financial losses as well.
According to Kaspersky’s latest statistics, cybercriminals targeting small and medium businesses in Singapore spent their months seeding phishing emails proactively.
The global cybersecurity company’s anti-phishing software applications prevented 89,351 phishing attempts against companies with 50-250 employees, a 60.5 per cent increase compared with the same period last year.
These statistics support the Singapore Police Force’s (SPF) recent announcement that the total number of banking-related phishing scams was recorded as the fourth-highest number of reported cases among all scam types, with the amount of financial loss increasing from S$93,000 to S$3.6 million in the first half of this year compared with the same time period last year.
In addition to phishing attacks, Kaspersky also detected 14,141 cryptomining attempts on Singapore SMBs in the first half of this year, an 89.7 per cent increase when compared with the same time period in 2019.
Cryptomining is the unauthorised use of someone else’s computer to mine cryptocurrency. This is also known as malicious mining. Cybercriminals use a variety of covert means to install mining programs on other people’s computers and take all the profits from cryptocurrency mining without incurring equipment or electricity costs.
In addition to the above, cryptomining can also overwhelm a system that causes severe performance problems.
“While SMBs in Singapore have made some progress when it comes to digitalising their business operations, the latest statistics have shown that significant challenges in the form of tightening purse belts continue to pose the greatest obstacle in helping them realise the full potential of their digitalisation drive,” said Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
Mr Yeo continued, “SMBs today are caught in a precarious situation where the inability to digitalise fully may create the unintended risk of rendering them more susceptible to cyberattacks – just because they do not have enough funding.
“Hence, there is an urgent need to raise awareness on how to use technology smartly in a way that addresses their needs and enables them to achieve their business objectives, done in a cost-effective and accessible manner. Budget-friendly solutions such as KEDRO could help mitigate some of the challenges SMBs are facing, by providing comprehensive protection as they step up their digitalisation efforts.”
Kaspersky experts recommend the following tips for SMBs to build up their cyber-resilience during COVID-19:
- Any website that requests or processes user data must have an SSL certificate, and almost all browsers warn users that sites without an SSL certificate are insecure. Hence it is important to renew the corporate site security certificate on a regular basis.
- Update your router firmware regularly to prevent cybercriminals from exploiting the old firmware to infiltrate your corporate network.
- Audit your account privileges regularly. Employees who are no longer working at your company should not have access to your data.
- Back up your data frequently to protect it from wipers, ransomware, careless employees, and other hazards.
- Use cost-effective security solutions. With cybercriminals becoming more sophisticated in bypassing existing protection, there is a need for you to protect your endpoints on your corporate network.