“Singapore aspires to be a Smart Nation. But to be a Smart nation, we must also be a safe, cyber nation,” said Prime Minister Lee Hsien Loong, speaking at the inaugural Singapore International Cyber Week in late 2016.
Indeed as the country rapidly encourages digital transformation across its major economic sectors, its potential vulnerability to cyber-attack increases too.
Yet it is a truism to state that the variety of cyber-threats and their impact is increasing. This has been the state of play for years and is not worth emphasising. Instead, let’s look specifically at the types of threats enterprises in Singapore are likely to see emerging through 2017 and trends causing them:
Ransomware growth rate will slow but attack methods and targets will diversify
2016 was labelled the year of online extortion by security analysts. The emergence of ransomware as a service, gave criminals lacking technical expertise the opportunity to enter the game. As a result, there was a 400% spike in the variety of ransomware families between January to September 2016.
Through 2017, this growth is predicted to slow from 400% to 25%, translating to approximately 15 new families of ransomware each month. Yet this does not mean the threat of ransomware is going away anytime soon.
Cybercriminals will now turn their attention smartphones, industrial environments and non-desktop computing devices such as point-of-sale systems and ATMs. This will continue to be a serious threat for SMEs that lack the capacity to adequately protect their non-desktop endpoints, particularly as they pursue digital transformation in line with the Government’s Industry Transformation Maps.
IoT devices and industrial IoT systems will play a bigger role in cyber-attacks
As more IoT devices enter the digital eco-system for business and personal use, cybercriminals will make greater use of them to conduct massive DDoS attacks, or leverage industrial IoT devices for highly targeted attacks against a single network.
Whilst some vendors will add security features to their IoT devices and use this as a selling point, many will not, instead favouring low cost devices, meaning that there will still a large and growing number of controllable IoT devices connected to the web.
In the case of industrial IoT devices specifically, organisations that choose to leverage them to increase productivity risk exposing themselves to targeted cyber-attacks and disruption. The Singapore government has already identified this risk in its Cybersecurity Strategy, a topic that will remain a key focus through 2017 and onwards.
The simplicity of business email compromise attacks will increase targeted scams
One of the newest cybersecurity terms to familiarise yourself with is business email compromise (BEC). This is where an organisation’s finance department is tricked into transferring funds to a cybercriminal’s account.
Sign up for MIS Asia eNewsletters.