Singapore companies insufficiently prepared for cyber-attacks

Senior decision-makers in Singapore believe their organisations are more susceptible to serious cyber-attacks during COVID-19, although many of them are not sufficiently prepared.

With remote working becoming a new normal for employees all over the world, the risk of cyber-attacks is higher than ever before. In Singapore, 74% of respondents in the CrowdStrike’s Work Security Index survey are working remotely more often than before due to the pandemic. This is the highest percentage among all the countries covered by the research, namely France, Germany, Great Britain, India, Japan, Netherlands, and the US.

Despite majority of people working remotely in Singapore, the level of cyber security does not support the scale of it. 70% of remote workers in Singapore are using their personal devices for work, and these devices often do not conform to their organisation’s security requirements.

56% of those who use their personal devices indicated in the survey that the devices they use while remote working are only “somewhat secure”, and 12% actually rated their devices “not very secure” or even “not secure at all”.

And more worryingly, 40% of remote workers said their employers had not given them training on the cybersecurity risks associated with remote working, with the figure jumping to 61% for small businesses.

Here are some considerations and criteria for Work Security Preparedness Post COVID-19:

• While having an entirely remote workforce is a new frontier for many organisations, it is important to plan for post-COVID-19. As the transition to – and possibly back from – large-scale remote work will continue to be the norm, maintaining best practices for securing a remote workforce is vital
• Local organisations’ current cybersecurity policies should factor in remote work and give it the same degree of importance as in-office work environments. This includes planning for the use of personal devices, secure access for “bring your own device” (BYOD) on corporate networks and leveraging VPNs to protect sensitive data accessed through insecure Wi-Fi
• In addition, it is crucial to keep employees informed and educated about how to secure their at-home workspace. This starts with maintaining basic cybersecurity hygiene, and continuing cybersecurity training as coronavirus-themed scams escalate and evolve
• Also, organisations that have crisis management and incident response plans prepared and executable by a remote workforce are better equipped to weather the storm of future pandemics and other crises
• As businesses build out their cybersecurity policies, here are a few criteria to consider that can help ensure successful implementation:

1. Make sure that endpoint detection and response (EDR) solutions are able to detect attacks both on corporate and personal devices
2. Utilise managed threat hunting to detect sophisticated adversaries and provide insights into the latest tactics, techniques and procedures (TTPs)
3. Leverage cloud technology to secure corporate, personal, and even mobile devices that contain corporate data