As the world becomes increasingly interconnected, businesses and individuals alike are becoming reliant on cyberspace as they work, live and play. But how safe are those connections? And how safe is that space?
In the light of cyber security issues like the SingHealth data leak, companies need to pay more attention to cyber security threats to stay protected. As threats evolve over time, companies and entrepreneurs need also to evolve to always remain at least one step ahead of hackers. In fact, cyber security has grown to involve insurance that covers businesses during the course of daily operations. Sandra Yeow, founder of IT consultancy firm Nucleo Consulting, started a cyber security awareness course as well as introduced cybersecurity insurance in Singapore.
She explains: “Through the years, we realised that the general level of cybersecurity awareness remains low, so we started a Cybersecurity Awareness Course. It is the first full e-learning Cybersecurity Awareness Course in Singapore that is in an interactive format, suitable for employees and the general public with a low level of IT awareness. On top of that, we also partnered up with an insurance firm that provides cybersecurity insurance to our clients.”
According to the Cyber Security Agency of Singapore, email impersonation scams cost businesses nearly $58 million in 2018 and the total number of such cases rose by 14 per cent to 378, from 332 in 2017. There were also 2,125 e-commerce scams reported on 2018, in which victims lost a total of $1.9 million.
Although the phishing, ransomware, command and control servers and website defacement are amongst the types of common cybercrime that were in decline, the greatest issue now, according to the Cyber Security Agency of Singapore, is the threat of data breaches into computer databases which hold huge amounts of personal and private information.
So how important is it for a company to protect itself against cyberattacks?
Speaking to D:CODE, Sandra says: “On a scale of 1 to 10 with 10 being the most important, I would rate it as 11, especially if their business deals with personal data or have to comply with some government regulations. Data breach fines are quite heavy these days and having good and proper IT security in place not just means that that their employees can work in a more secure environment, but their clients can also trust them with information given to them. It gives the business a better reputation, too.”
With the increasing emphasis on protecting the personal data of clients, this boils down to preventing data breaches at the first line of defence.
In fact, Today reported earlier this year that the human factor as the first line of defence was the weakest when it comes to data breaches.
“Investing in an IT security solution is a start, but humans remain the weakest link in cybersecurity defence. Ensure that proper solutions are in place in case of cyber emergencies, and continuously train all employees to be alert for scams, which are getting increasingly complicated,” says Sandra.
A large part of the problem is the lack of awareness, according to Sandra. She says: “While there are data breaches of a malicious nature, most unintentional data breaches are caused by a lack of education. Business owners can increase the overall level of cybersecurity awareness in the organisation by sending their employees for related courses, such as our Cybersecurity Awareness Course. This will teach employees to identify potential scams and minimise the possibility of data breaches.”
And there is no one-size-fits-all solution, adds Sandra.
“The strategy works differently for different business and highly depends on budget as well. The basics would be antivirus, firewall and email encryption. Choosing a good IT company that has a good track record and years of experience that can help to advise them as their business grows is critical,” she says.
“Most, if not all, businesses of today rely on computerised technology to conduct their businesses, be it for their Point-Of-Sale systems (POS), customer relationship management systems, email and so on,” says Sandra. But business owners need to realise that the responsibility of keeping the company safe from cyberattacks does not rest solely with the IT department. Everybody in the company needs to play their part, she insists.
Businesses that Sandra has worked with are also increasingly aware of the risks of IT security. She noted: “We are seeing more and more clients coming to us with due diligence questions and what kind of IT security measures they need to have in place as part of project tenders. That’s how important people view IT security these days.”
Nucleo Consulting, which was started in 2010 with their IT experienced consultants planning IT strategies, IT solutions and project management and IT outsourcing to their clients, now offers a variety of services for cyber security: Nucleo Datto, which is a backup and recovery service with ransomware detection and ensures a quick restore during emergencies to minimise business downtime, Firewall-as-a-service, a subscription based firewall protection of the network against ransomware and Virtu, a subscription based email encryption system that prevents email hijacking and secures email traffic.
Surprisingly, though, their cybersecurity insurance package costs less than $2,000 a year, considering such breaches can cost companies a hefty amount.
“Many small businesses are not aware of how much cost is involved during data breaches. Forensic investigations and legal costs can easily be $500,000 and above. Most SMEs will not be able to fork out this cost. With this cybersecurity insurance that costs less than $2,000 a year, they can protect themselves.”
Cybersecurity insurance thus acts as a final safety net for companies to navigate the complicated terrain of cyberspace without fear of massive financial and data losses. With a full and comprehensive cybersecurity suite, businesses will be poised to survive the vicissitudes of the economic cycles, especially as the current economy shifts towards a digital one.