Keeping the digital virus away

With cybercriminals capitalising on the COVID-19 pandemic, White Ops’ Ryan Murray argues now is the time to boost community immunity amongst Singaporean businesses.

As the end of the circuit breaker sees Singaporeans attempt to get their lives and businesses back on track, another unseen virus lurks in the background ready to strike.

This was the fear recently expressed by Singapore’s Deputy Prime Minister Heng Swee Keat, referring to the ominous threat of cybercrime — the so-called “digital virus”.

And he is right to be concerned: cybercrime cases in Singapore jumped by more than a half last year, and now the COVID-19 pandemic has given hackers even more ammunition to exploit users’ vulnerabilities.

But whilst Singapore itself has set aside $1b over the next three years to tackle the problem, there are many active steps individual businesses can take to build and ingrain a cybersecurity culture from within.

A digital check-up
In terms of the nitty-gritty measures, protecting your organisation is no longer a simple case of installing anti-virus software and forgetting about it. The sophistication of hackers’ attacks means all gaps must be secured, monitored, and ready to react to any suspicious activity.

The first step in this process is to install a virtual private network (VPN) and set multi-factor authentication for all accounts and connections. And then stay on top of it: keep up-to-date with all VPN, applications, browsers, network infrastructures, and endpoint devices, testing your security protection regularly. Alongside this, protect your data by managing all users’ privileges.

The Singaporean Government also recommends frequently changing access passwords and urges business leaders to remind their employees of this regularly.

As more and more organisations adapt to the new normal of doing business via video conferencing, more gaps open up for cybercriminals. Zoom stepped up their security controls during the initial months of the pandemic as new users joined and rival video conferencing vendors like Microsoft Teams and Google Meets were quick to talk up their own safety credentials.

However, businesses themselves can be more proactive in preventing threats from video meetings. The Cyber Security Agency of Singapore (CSA) recommends using the latest versions of all conferencing software and securing all meetings via user identification and passwords. Other steps include managing meeting access and controlling meeting functions. The CSA also advises not to share any private or sensitive information or documents, only enabling file-sharing or recording if necessary.

In addition to these areas, businesses should also be wary of sophisticated cyber bot attacks, which mimic human behaviour by hijacking browser history and activity when visiting websites to commit fraud. Since these bots look and act just like humans, click on ads, fill out forms, take over accounts, and commit payment fraud, evading and overwhelm current bot detection methodologies. A new multilayered detection approach is needed to detect, prevent, and outwit bot populations of every level of sophistication with unrivaled accuracy.

Cultivating a cybersecurity culture
However, businesses cannot rely on protective tactics alone. Unless security and data sanctity is at the forefront of all employees’ minds, cybercriminals will find a way through.

One of the most common methods used by criminals is phishing attacks, where an attacker impersonates trusted organisations and individuals to steal sensitive data from victims. Last year, the number of phishing URLs detected by CSA skyrocketed by around 200 percent to 47,500.

Cybersecurity software can only go so far in preventing infiltration via phishing: the onus is on both the employees themselves to be vigilant and their employers to educate them on how to spot a suspicious email.

Ahead of a return to full normality, communicating these security practices is more critical than ever. It’s all too easy to become complacent whilst working from home. As a best practice, managers should remind employees to update their firmware and only use secure, password-protected networks, including VPNs. Even simply telling teams to shut down their computers after use is essential, as that allows the devices to install updates.

From a reactive standpoint, leaders should also ensure all teams understand the risks of a successful breach. The most deadly of these, Ransomware attacks, were said to have affected 83 percent of Singapore businesses in 2018.

These incidents, which consist of malware that prevents or limits users from accessing their system unless a ransom is paid, are costing businesses an average of US$730,000 in lost activity and downtime. As such, it is imperative to train employees in understanding the implications of these potential threats and how to handle these should a breach occur.

Few know what lies around the corner in terms of the coronavirus given the unpredictability of outbreaks. As such, any cybersecurity culture should be readily adapted to changing business needs.

Singapore can be proud of being a highly digital society: one that has adapted well to using digital tools to fight COVID-19 and maintain a business-as-usual approach. But now is not the time to be complacent: businesses must be extra vigilant and continue to be post-COVID. Because, once the digital virus infects, there is no stopping the spread.