Navigating the new infosec frontier

Companies in Singapore have prioritised business continuity and resilience over cybersecurity in digital transformation activities during the last two years. To ensure business continuity during COVID, businesses had to struggle with and quickly adjust to remote work, as well as incorporate bring your own device – or BYOD – security policies.

Most corporate networks have extended far beyond the borders of the traditional office. Employees accessing sensitive information over their home networks and personal devices created security gaps that cybercriminals have been quick to exploit.

Infoblox’s State of Security Report 2022 for Singapore found that over the last 12 months, 65% of Singaporean organisations faced six or more security incidents that resulted in data breaches – 14% higher than the global average of 21%.

Furthermore, organisations here had some of the slowest incident response rates worldwide. Less than half of Singapore organisations were able to respond to a threat within 24 hours. This worrying gap in incident response timing and our high breach rate demonstrate an urgent need for organisations to update their detection and mitigation capabilities.

The bottom line at stake

Cyberattackers are setting their sights on gaining illegal entry into organisational networks and devices to get their hands on customer and other sensitive data. Much is at stake with the report finding that one in three organisations suffered up to US$1 million in direct and indirect damages. On top of that, lost customer trust from breaches can last long term.

Additionally, data breaches risk the exposure of sensitive information such as personally identifiable information (PII), which can incur compliance penalties. Government regulations around the storage and protection of PII have only gotten stricter. For example, the Singaporean government will fine big firms for data breaches up to 10% of turnover from October this year. With poor network visibility, a security talent shortage, and a lack of funding for all impending threat detection efforts, these potential data breaches are immediate threats to brand reputation and the bottom line.

Prevention is better than cure

With cyberthreats escalating in complexity and severity, organisations need to take an all-hands-on-deck approach. This spans decision makers and security professionals to rank-and-file employees, all doing their part in practising security hygiene related to their risk exposure.

Social engineering attacks are one of the main ways cybercriminals are getting past our guards. Phishing attacks are responsible for 68% of breaches over the past 12 months according to the report. In phishing, cybercriminals often leverage psychological tactics like fear or urgency to get past their victims’ defences, and more often than not, the success of these attacks highlights a lack of awareness on the victim’s part. As such, organisations must educate employees to build up their vigilance.

Organisations must also put their money where their mouth is to boost their cybersecurity postures. Fortunately, 69% of respondents are receiving larger IT security budgets in 2022 and network security controls, including DNS security tools, top the list of budget investments.

Singapore’s high rate of security incidents and slow incident response rate leaves us plenty of room for improvement. With hybrid work here to stay, cloud-first network security is a necessity for CIO and CISO teams.