SMBs face growing cybersecurity threats, but basic measures can lower risks

Small and midsize businesses are targets of cybercriminals and might not have expandable resources, but they can take heart in having a smaller attack surface to safeguard.
Written by Eileen Yu, Senior Contributing Editor
Lock with abstract data flowing through it
John M Lund Photography Inc/Getty Images

Small and midsize businesses (SMBs) face growing cybersecurity threats and might not have expandable resources, but with a smaller attack surface to safeguard, even basic security measures can go a long way to lowering their risks.

Like their counterparts around the world, SMBs in Singapore have to deal with an increasing volume of cyberattacks. In the first half of this year, 50 unique files that contained malware or unwanted software masked as business applications were distributed to Singapore SMBs, leading to 453 unique attacks detected. This volume was a three-fold increase from a year earlier, when 24 unique files were distributed with 112 unique attacks detected, according to research released Thursday by security vendor Kaspersky. 

Also: The easiest thing you can do to keep your phone secure

It expects the climb in online attacks to continue upward for the rest of the year and recommends SMBs stay vigilant against cyber threats, including phishing and e-mail scams

Singapore SMBs also were hot targets of ransomware attacks last year. Stats released by Cyber Security Agency of Singapore (CSA) indicated there were 132 reported ransomware incidents in 2022, with SMBs most impacted by such attacks, particularly those in manufacturing and retail. 

These businesses are popular targets because they hold valuable information and intellectual property that cybercriminals hope to extort and capitalize on, CSA said, adding that SMBs also often lack resources dedicated to tackling cyber threats.

Also: 3 ways to spot a malware-infected app on your smartphone

Daunting as it may seem, though, smaller organizations still can mitigate their risks by taking heed of the fundamentals.

Most SMBs may not have access to the scale or expertise that larger companies have, but they do have one advantage, said Janil Puthucheary, Singapore's senior minister of state for the Ministry of Communications and Information. 

While SMBs collectively make up a large part of the country's economy, individually, each business remains relatively small, he noted. "That means a relatively small attack surface and the risk of [an SMB] being a primary target is relatively small, compared to bigger companies," Puthucheary said. 

"Correspondingly, what [SMBs] might need for adequate cybersecurity is not the same as large-sized companies or those that form the infrastructure backbone," he added. "Basic cybersecurity measures and hygiene would already be very helpful in transforming [an SMB's] risk profile, such as installing antivirus software and performing proper backup of data. These are not prohibitive and only require commitment and discipline to implement and follow through."

Also: 5 simple ways to improve your Android phone security today

He said the Singapore government has also been providing help to boost SMBs' cybersecurity posture, including offering free toolkits to guide these businesses on what they can do to safeguard against cyber threats. CSA earlier this year introduced a "Chief Information Security Officers-as-a- Service" scheme, giving eligible SMBs up to 70% in funding support and ability to work with cybersecurity service providers to develop tailored cybersecurity plans to improve their security posture.

"Cybersecurity is a team effort. Apart from government efforts, industry and community efforts are equally important and valuable in strengthening our collective cyber defences collectively," said Puthucheary, who was speaking at the launch of Singtel's Cyber Elevate Programme this week.

Pointing to the program, the minister said bringing together various expertise, including legal and incident response specialists, to conduct training workshops for SMBs can strengthen these businesses' cyber resilience. 

The Cyber Elevate Programme is a one-stop training and cyber-incident management initiative, designed to arm SMBs with knowledge of best practices and legal frameworks. It also informs these companies of their obligations in the event of a cyberattack, according to Singtel. 

Also: Don't want your phone hacked? Just do this one thing

The program encompasses various components, including an audit to assess the SMB's cyber risks, training and workshops, and legal and incident response services. Participants, for instance, will be trained on how to triage when systems are infected with malware and how to create a workflow for identifying cyber incidents. The program will cover policies and legal frameworks, such as Singapore's Personal Data Protection Act and Computer Misuse Act. 

In the event of an attack, legal and forensics partners will also guide affected SMBs on managing the incident from an operational, communications, and business continuity perspective, Singtel said. Local cyber-incident response vendor Blackpanda and law firm Drew & Napier are partners in the program. 

SMBs that sign up to the Cyber Elevate Programme can apply for government subsidies of up to 90%, but should have an annual sales turnover of no more than SG$100 million or fewer than 200 employees. 

Editorial standards