sb-as logo
Story image

96% of Singaporean businesses breached in the past year

05 Apr 2019

Findings from a new survey have provided some food for thought in Singapore.

According to the Carbon Black report based off survey responses from 250 Singaporean CIOs, CTOs, and CISOs in January this year, a staggering 96% have been breached in the last 12 months.

Some other key findings include:

  • 3.98 is the average number of reported breaches per organisation
  • 92% have seen an increase in attack volumes
  • 95% say attacks have become more sophisticated
  • 97% plan to increase spending on cybersecurity

Despite being on the decline around the world, in Singapore ransomware is the most prolific method of attack, with 28% of organisations naming it the most frequently encountered. Malware and Google Drive (cloud data breach) were in second and third place at 25% and 11% respectively.

However, the human factor plays a big part in the attacks that lead to breaches, as phishing attacks are at the root of 14% of successful breaches. Process weakness was the identified cause in 12% of breaches, indicating that basic security hygiene should still be considered a priority by organisations.

In terms of industry, it was financial institutions that suffered the greatest growth in attack sophistication with 63% reporting that attacks had grown increasingly sophisticated.

Meanwhile, nearly two-thirds of businesses in the manufacturing and engineering industry have been breached three to five times in the past 12 months. Third-party applications and ransomware pose the greatest threats to this sector (both 23%), as these tactics were the primary causes of successful breaches.

Moving forward, 79% of surveyed Singaporean organisations said they are actively threat hunting, with over a third (34%) having threat hunted for more than one year, while 46% said they have started in the past year.

What is encouraging, Carbon Black security strategy head Rick McElroy says, is that 94% of those organisations report that threat hunting has strengthened their defences and 41% said that it has significantly strengthened their defences.

"Our first Singaporean threat report indicates that organisations in Singapore are under intense pressure from escalating cyberattacks," says McElroy

"The research indicates increases across the board in attack volume and sophistication, causing frequent breaches. In response, an encouraging number of Singaporean organisations are adopting threat hunting and seeing positive results. As threat hunting strategies start to mature, we hope to see fewer attacks making it to full breach status.''

Story image
Global attack volume down, but fraud and cyber threats still going strong
“The move to digital, for both businesses and consumers, has been significant. Yet with this change comes opportunity for exploitation. Fraudsters look for easy targets: whether government support packages, new lines of credit or media companies with fewer barriers to entry."More
Story image
Evolving threat landscape top priority for security and risk leaders
"COVID-19 has proved how rapidly and how drastically such risks can change."More
Story image
Yubico launches latest YubiKey with NFC & USB-C support
Yubico has released a new hardware authentication key, designed to provide security through both near-field communication (NFC) and USB-C connections and smart card support.More
Story image
Exabeam and Code42 partner up to launch insider threat solution
The solution will give customers a fuller picture of their environment, and will leverage automated incident response to obstruct insider threat before data loss occurs.More
Story image
Yubico rolls out subscription service for hardware authentication keys
“With immediate success from the initial roll out in the US and Canada, we are proud to now offer YubiEnterprise Subscription to our APAC channel partners.” More
Story image
Why it’s essential to re-write IT security for the cloud era
Key components of network security architecture for the cloud era should be built from the ground up, as opposed to being bolted on to legacy solutions built for organisations functioning only on-premises or from only managed devices.More