Cyber attack volume, breach levels wane in Singapore

Image courtesy of Larry Teo

The threat landscape appears to have plateaued and attack frequency and sophistication have lessened during the past 12 months in Singapore, according to VMware.

However, based on a survey of 251 Singaporean CIOs, CTOs and CISOs, this has still prompted continued investment in cyber defence, with Singaporean businesses already using an average of more than eleven different cybersecurity tools.

Data for the report was compiled in March and April 2020 by Opinion Matters, on behalf of VMware Carbon Black.

Findings show that less than half (43%) of respondents said attack volumes have increased in the last 12 months and 80% said their business has suffered a security breach — at an average of 1.67 breaches — in the last 12 months. 

Also, 90% said they plan to increase cyber defence spending in the coming year. Singaporean companies are using an average of 11 different security technologies to manage their security program.

OS vulnerabilities were the leading cause of breaches, followed by third-party applications breaches and web application attacks.

“Island-hopping is having an increasing breach impact with 12% of survey respondents citing it as the main cause,” said Rick McElroy, cyber security sStrategist at VMware Carbon Black. “In combination with other third-party risks such as third-party apps and the supply chain, it’s clear the extended enterprise is under pressure.”

Singaporean cybersecurity professionals said they are using an average of more than 11 different tools or consoles to manage their cyber defence program. This indicates a security environment that has evolved reactively as security tools have been adopted to tackle emerging threats.

“Siloed, hard-to-manage environments hand the advantage to attackers from the start. Evidence shows that attackers have the upper hand when security is not an intrinsic feature of the environment,” said McElroy. “As the cyber threat landscape reaches saturation, it is time for rationalisation, strategic thinking and clarity over security deployment.”