Healthcare sector, SMBs top cybercrime targets in Singapore

While Singapore's global ranking for malicious activities dropped two spots to 39, its healthcare industry and particularly SMBs were most hit by phishing, spam and virus-contained e-mails, according to Symantec study.
Written by Ellyne Phneah, Contributor

Singapore's ranking in terms of malicious online activities within the country has fallen, it was found that the healthcare and small and midsized businesses (SMBs) emerged as the top two targets for cyberattacks within the nation. 

According to the Singapore findings of Symantec's Internet Security Threat Report (ISTR) Volume 18 released Monday, Singapore's overall ranking had fallen from 37th place in 2011 to 39th place in 2012. The top country in terms of malicious activity had be the U.S., followed by China at second place and India at third place, and Taiwan at ninth place.

The global report which was released on April 16, 2013, spans 157 countries over the period from January through December 2012, analyzing global threat activity through data from Symantec's Global Intelligence Network.

Singapore's global ranking in terms of companies being attacked by spam and bots, fell as well. In 2012, Singapore ranked 52nd place and 26th place for spam and bots respectively, compared to 36th place and 21st place for both categories in 2011.

Singapore's ranking, based on malicious activities coming from the country (Source: Singapore's Internet Security Threat Profile, ISTR)

This is an "encouraging" sign, showing that Singapore's Internet security threat posture has improved, Eugene Teo, manager for Security Response at Symantec Singapore, said in an interview with ZDNet Asia. It shows that companies here are becoming more aware of security and are stepping up measures to protect themselves from malicious activities that could hit their organizations, he said. 

Singapore healthcare sector most targeted for malicious activities

The healthcare sector however, is the only industry who made it to all three lists of top five industries affected by spam, phishing and viruses.

The healthcare industry had taken second place in the phishing and viruses categories with 1 in 1010.9 e-mails being a phishing e-mail and 1 in 337 e-mails affected by virus. Within the spam category, 71.24 percent of healthcare companies had been hit by spam, taking fourth place.

Top 5 industries targeted for phishing, virus and spam (Source: Singapore findings, Symantec ISTR)

Teo noted healthcare sector is "interesting" because its core business is to treat patients and perform surgeries, and its IT department's function is to make sure machines are well-maintained to improve patients' health. 

That said, healthcare IT departments should be "wary" as attacks could be driven for political reasons, he noted. For example, if an important political figure was admitted to hospital, hackers could manipulate the machine through hacking to end their lives, he said.

There could also be information related to the healthcare company within the systems so if the company is listed on Singapore's stock exchange, the breaching and exposure of such information could affect their stock prices, he added.

"IT Security within the healthcare sector is still not well-explored and there is quite a bit of work on what they can do to figure out what they can do to secure healthcare systems," Teo said.

SMBs more targeted than large in Singapore

Consistent with global findings, small businesses, defined as companies with less this 250 employees, were also more frequently targeted for malicious activities than the larger companies in Singapore in 2012, Tan Yuh Woei, country director of Symantec Singapore, said in a statement.

According to the Singapore findings, 1 in 1,062.3 e-mails received by SMBs were phishing e-mails, the top category in terms of organization size, while 1 in 699.8 e-mails received by SMBs contained viruses, ranking second in terms of organization size. Among SMBs, 63.16 percent of e-mails were spam, taking the fifth place though.

phishing smb
virus SMB
spam SMB
Organizations targeted for phishing, virus and spam, in terms of number of employees (Source: Singapore findings, Symantec ISTR)

Most SMBs may feel that they are "immune" to targeted attacks but cybercriminals are attracted to their bank account information, customer data and intellectual property, Teo observed.

Attackers also take advantage of the fact that SMBs often lack adequate security practices and infrastructure, unlike the larger companies, making them "easier" targets for breaches, he added.

Editorial standards