Many SMEs vulnerable to IT breaches like SingHealth's
Many need to step up on endpoint security and have active defence mechanism in place
Many small and medium-sized enterprises (SMEs) here are vulnerable to breaches like the one committed on SingHealth's IT system, as they do not have defence software that can monitor sophisticated cyber attacks, Association of Small & Medium Enterprises president Kurt Wee warned.
Numerous SMEs, especially those that do not have some active defence mechanism in place, have fallen prey to ransomware, a form of malware that denies accounts access to their data until a ransom is paid.
Those at risk include companies with high-value intellectual property, large financial databases and prototype designs, or that are electronic installation contractors and credit card transaction processing companies, Mr Wee noted.
As the dust settles on the "most serious breach of personal data" in Singapore's history, industry experts caution that many businesses need to step up on endpoint security.
An endpoint is a device that is connected to an organisation's network, which can include desktops, servers and tablets.
While many SMEs have antivirus protection and software or physical firewalls, those are not enough, Mr Wee said.
Cyber-security threats are likely to increase as more enterprises move to the cloud.
Many SMEs that rely on party file storage and cloud-based sharing platforms are vulnerable as any data stored and accessed on the Internet is vulnerable to hacking, he added.
Delinking full Internet access to employees will reduce the possibility of cyber attacks.
But Mr Kowsik Guruswamy, chief technology officer at Menlo Security, said this "may not be a viable option as it creates significant overhead as well as loss in productivity".
"Organisations should look into solutions that provide end-to-end security of various platforms... at any given moment."
Cybercrime damage arising from intellectual property theft, wire transfer fraud or destructive attacks are estimated at more than US$1 trillion (S$1.36 trillion) globally, said Mr Tom Kellerman of cyber-security company Carbon Black. The Singapore financial sector is a prime target partly as large European and American financial institutions have network operation centres here, he said.
Cyber-security threats will only get more complex, said Mr Leonard Cheong, managing director of cyber-security consultant AdNovum Singapore.
"Financial and healthcare institutions hold data such as IC numbers, phone numbers, addresses and credit card information, which attackers can either sell or leverage for underhanded use... more industries such as last-mile logistics and travel could also be affected," he said.
Financial records sell in dark Web forums for US$22, healthcare records for US$70 and credit card data for US$3 to US$5, Mr Kellerman said.
Get The New Paper on your phone with the free TNP app. Download from the Apple App Store or Google Play Store now
