THE EDGE SINGAPORE - Throughout the Covid-19 pandemic, cybersecurity seems never to be out of the headlines as bad actors pounce on the epochal transformation to workplace practices as an opportunity for attack. Yet the contagion was merely a catalyst for this increase in cyberthreats, with cyberattack incidents growing long before the coronavirus blighted the globe — including Singapore.
According to the Cyber Security Agency of Singapore (CSA), there was a 51.7% jump in cybercrimes from 6,215 cases to 9,340 cases between 2018 and 2019.
“As one of the most connected countries in the world, Singapore remains a target for cyber- attacks and cybercrime. Threat actors have continued to evolve their tactics, resulting in an intensification of malicious cyber activities in 2019,” says David Koh, Singapore’s Commissioner of Cybersecurity and chief executive of CSA. The outbreak of Covid-19 has only accelerated the prevalence of such threats, with 1,500 phishing attacks recorded from March to May — double the preceding three months, according to CSA in its “Singapore Cyber Landscape Report 2019”.
Against this backdrop, firms are increasingly compelled to turn to cybersecurity firms to shore up their defences against a more threatening cyber threat landscape. Research by the Enterprise Strategy Group predicts that 55% of organisations are likely to increase cybersecurity spending in 2020 despite the severe profit losses they have experienced in the wake of the Covid-19 recession. Previously, research firm Cybersecurity Ventures projected that cumulative cybersecurity spending from 2017 to 2025 would come to US$1 trillion ($1.39 trillion) worldwide. This number is expected to rise further following Covid-19.
This is pertinent considering that firms have been cutting overall IT expenditures to lower costs. Statista projected a 5.5% y-o-y fall in cumulative IT expenditures in April 2020 in contrast to a 5.1% rise in January, while Gartner anticipates an IT spending of US$3.4 trillion — a reduction of 8% relative to 2019. Spending on devices and data centre systems are likely to be the worst-hit, declining by 9.7% and 15.5% respectively.
In contrast, cybersecurity is seen as a profitable “future industry” that will grow strongly over the next decade with the accelerated digitalisation of the global economy. According to the Australian Cybersecurity Growth Network in its 2019 Sector Competitiveness Report, global spending in this area last year was US$145 billion and is set to by 86% to US$248 billion by 2026.
High risk, high rewards
PwC considers the Singapore cybersecurity market particularly ripe for growth. While Singapore’s cybersecurity spend per capita is higher than other Asia Pacific economies, it is lower than that of the developed, Western markets such as the US and UK. In addition, it allocates a lower percentage of its IT budget to cybersecurity than its Asia Pacific contemporaries, according to PWC in its “Singapore Cybersecurity Industry Outlook” report. MNCs contribute the majority of cybersecurity expenditure, but SME expenditure is growing at a rapid pace of around 12.8% yearly.
Part of the growth is fuelled by government support. It has, for instance, introduced funding schemes for SMEs including the Start Digital Pack, which provides cybersecurity solutions, among other digital products and services, at no cost to new businesses for at least six months with a minimum 18-month contract. This is likely to help boost cybersecurity expenditure among smaller firms and presents a lucrative opportunity to cybersecurity firms willing to cater to this high-growth market segment.
Nevertheless, Tan Yuh Woei, Asean vice president for leading cybersecurity firm FireEye, notes that SMEs will be under unique pressures as the pandemic drags on. Already suffering severe cash flow pressures from the economic downturn, they may soon find themselves torn between increasing spend ing on cybersecurity or preserving their balance sheets in an environment of increasing cyber attacks. Vulnerable SMEs could compromise the entire supply chain as a whole, as a cyber attack on small- and low-value firms could become a staging point for subsequent strikes on higher-value targets within the same supply chain.
Lee Heng Yu has another perspective. The founder of Polaris Infosec, a Singapore-based cybersecurity player, is of the view that size does not always matter when it comes to cybersecurity. Rather, the mindset of business leaders — young or old — is what makes the difference regarding how prepared or receptive they are to strengthening their cybersecurity abilities.
Many start-ups, for instance, are proving extremely resilient and agile amid the Covid-19 pandemic due to their familiarity with technology and willingness to experiment with new ways of working. It is not difficult to imagine that such firms would be open to integrating cyber security solutions into their firm operations.
According to Tan, the most common threats his clients have faced include ransomware (i.e. where criminals extract private data for ransom) and business e-mail compromise, where attackers impersonate a company affiliate’s email account to make fraudulent requests or orders in their name. Firms have also been looking to strengthen cloud security since companies are increasingly making use of cloud computing to support remote working.
Lee’s clients have also asked for help in identifying phishing scams — an extremely common form of cyber attack during this period. More worryingly, attacks are starting to become more complex and unorthodox, with a rise in unseen or unknown forms of attack emerging.
With security practitioners having yet to develop suitable responses to such attacks, it is likely that firms may find themselves within a “window of vulnerability” that cunning bad actors can take advantage of to strike unopposed. For example, attackers can now breach two-factor authentication (2FA) tokens and one-time-passwords, threatening secure personal information.
“It takes 20 years to build a reputation — and a few minutes for a cyber incident to ruin it,” says Stephane Nappo, chief information security officer at Societe Generale. With cybersecurity a pillar of trust in the business world, expect reputation-conscious businesses having no choice but to shell out top dollar to keep their networks threat-free.
Read also:
