In this, our third Singapore threat report, we find that attack frequency and sophistication have lessened meaning either the technologies Singaporean companies have in place are working to subdue the adversary or that perhaps the attacker has become much more targeted with regard to the types of organization they attempt to infiltrate – certainly our analysis this time shows that mid-sized organisations are facing a much more intense threat environment than larger or smaller counterparts. Whilst only a modest 43% of security professionals said the volume of attacks they faced has increased, attackers are employing a more diverse range of tactics and techniques than ever before as they bid to extort, disrupt and infiltrate organizations.
The sustained attack frequency and sophistication revealed in this iteration of the report shows that, however fast Singaporean businesses may be adapting to the intensifying environment, the cyber threat landscape is evolving faster. 67% of security professionals say attacks have become more sophisticated, 22% of those say they have become significantly more advanced.
67% of security professionals say attacks have become more sophisticated.
This report reveals a shift in the causes of successful breaches. OS vulnerability is the most common cause, comprising one fifth of breaches, but third party application breaches account for 15%, more than double the impact they had in our last report.
Island hopping has more than trebled in attack frequency compared to October 2019 and is now the most commonly experienced attack for 10%. It has caused 12% of breaches. Clearly, the extended enterprise ecosystem is generating considerable security concerns.
Respondents are already operating an average of more than eleven different consoles or agents to manage their security program. This indicates a security environment that has evolved reactively as security tools have been bolted on to tackle emerging threats, not built-in. This has resulted in siloed, hard-to-manage environments that hand the advantage to attackers from the start; evidence shows that attackers have the upper hand when security is not an intrinsic feature of the environment. As the cyber threat landscape reaches saturation, it is time for rationalization, strategic thinking and clarity over security deployment.
Island hopping has more than trebled in attack frequency compared to October 2019.
90% of our survey participants anticipated an increase in spend.
54% of respondents say they will need to increase security spending and controls to support 5G rollout.
The sudden global shift to homeworking due to COVID-19 has both increased cyberattack activity and exposed some key areas for security teams to address and learn from going forward. Our COVID-19 research has found that the predominant gaps identified in disaster recovery planning revolve around communication with external parties such as customers, prospects and suppliers, as well as challenges enabling the remote workforce and communicating with employees.
Nearly a third of respondents (32%) recounted the inability to institute multi-factor authentication as the biggest threat to their company. Second to this was COVID-19 malware with 14% and third was phishing emails (12%). 9% cited spear phishing, 8% stated inability to roll out timely software patches, and IoT exposure.
Other notable threats were social engineering (4%), masquerading (3%), and ransomware (2%).
The inability to institute multi-factor authentication was the biggest threat for financial services organizations with 47% claiming this to be the case. Likewise, COVID-19 related malware (12%) and phishing emails (13%) was also an issue for this vertical.
For company sizes of 251 to 500 employees the biggest impact was the inability to institute multi-factor authentication (42%).
Those with IT team sizes of 21-30 reported the biggest threat impact (50%) was the inability to institute multi-factor authentication. This was followed by teams with 31-40 staff with 43%.
52% of those surveyed reported very significant gaps in terms of the effectiveness of their disaster recovery planning around communication with their external parties.
93% of all Singapore respondents stated that they had seen an increase in overall cyberattacks as a result of employees working from home.