What Increased Cybersecurity Threats Mean for the Digital Workforce
In February 2021, staff at Singtel, Singapore’s (the) telecom giant, woke up to an internal memo: hackers had successfully breached its digital third-party document management system and stolen sensitive customer and employee information. By the time a press release was published to allay public concerns, the damage was done. News that 129,000 corporate and individual account information had been stolen had filtered into social media. Consequently, customers sought clarification about the incident and its consequences and requested tighter data privacy regulations to prevent its recurrence.
Singtel’s example is one of Singapore's millions of cybersecurity incidents yearly. Studies show that approximately 8 in 10 organisations have fallen victim to hackers and 53% paid ransoms to recover stolen data. Singapore’s data tracks with global cybersecurity trends. 80% of organisations are expected to experience security incidents, and approximately 80% of victims will pay ransoms to recover stolen data.
The statistics above highlight the current cybersecurity environment but do not provide context for the evolving threat landscape. For example, hackers leveraging AI can ramp up attack volumes by 52% using deep fakes, crafting authentic-looking malware payloads, and bypassing authentication checks to access the digital workforce. As threat actors evolve, businesses must be prepared to mitigate cyberthreat to remain competitive.
Insight into The Types of Cyberthreat
Malware – Using malicious software to attack IT infrastructure remains the most popular cyberthreat that large corporations and small and medium-sized businesses (SMBs) face. Approximately 41% of organisations have experienced malware attacks in one form or another. Malware attacks include using worms, spyware, and ransomware to gain unauthorised access to sensitive data that can be used to steal, blackmail, or be ransomed for money.
Social Engineering – This cyber threat involves manipulating individuals to divulge confidential data that may be used to harm a business or an individual. Manipulation techniques include phishing through fraudulent emails, business email compromise (BEC) scams, fraudulent URLs, text, etc., to gain information.
Man-in-the-middle (MITM) – attacks involve eavesdropping on unsecured network connections to intercept information shared across the digital workplace. Unsecured Wi-Fi connections and vulnerable remote devices provide rich hunting grounds for perpetrators of MITM attacks.
Denial-of-service Attacks involve using overwhelming web traffic generated by bots to overwhelm a web or mobile cyber platform. The goal is to ensure the generated traffic surpasses the platform’s capacity to process it, making the service provided unavailable to its end-users.
Zero-day Exploits – Hackers or bad actors are constantly on the prowl, searching for unknown vulnerabilities within IT systems to exploit. Zero-day vulnerabilities refer to security loopholes within IT systems that administrators or security teams do not know about or have the time to fix.
The Effects of Threat Actors on the Digital Workforce
Human error remains the most common cause of successful cybersecurity breaches, and the majority of the listed threat actors attempt to take advantage of it. Successful malware, social engineering, MITM, and, to an extent, zero-day attacks occur due to employee errors when accessing files or communicating using digital collaboration tools.
Examples such as the Shook Lin & Bok Law Firm ransomware attack and the Axa Insurance data breach highlight the vulnerability of digital workforce platforms. In both scenarios, hackers accessed digital portals and sought financial gain from captured data. These attacks led to financial and reputational loss for both organisations. In the law firm’s case, a ransom of $18.5 million was paid to access the stolen, encrypted data.
SMBs also fall victim to cyberthreats, and in many cases, the effect could be devastating as small businesses do not have the financial resources of large corporations. 54% of SMBs reported security incidents that led to data loss, and three in five Singaporean businesses were willing to pay over $1 million to regain stolen data, but very few could pay ransoms of $5 million. This means larger ransom payments will likely put many SMBs out of business.
Constant Vigilance: The Solution to Dealing with Evolving Cyberthreats
The evolving nature of today’s cyberthreat actors requires a dynamic defence strategy to mitigate security incidents. The Singapore Cybersecurity Strategy recommends that businesses adopt a risk-based approach to continuously monitor critical IT infrastructure and incorporate risk management solutions in IT frameworks. Furthermore, Section 15 of the Cybersecurity Act implores business owners to conduct audits and risk assessments of IT infrastructure annually or biannually, depending on the nature of an organisation. SMBs are also expected to participate in regular cybersecurity exercises to ensure employees remain educated on the evolving threat landscape.
Putting these regulations into practice means either developing a robust cybersecurity department or engaging the assistance of a managed services provider. Creating a cybersecurity unit could cost over $1 million, including staff salaries. On the other hand, engaging a managed-services provider costs approximately $3000 monthly or $36,000 annually. Building from scratch is capital-intensive and out of the reach of most SMBs, making the latter option a better solution to cybersecurity.
The recent CrowdStrike incident puts a real-world perspective on the cost of cybersecurity, the need to work with experts, and the need to remain vigilant. The update of CrowdStrike security software, used by millions of organisations in finance, transportation, retail, and healthcare industries, affected 8.5 million computers and disrupted the global digital workforce. Leveraging its expertise, CrowdStrike could release a fix to organisations within hours.
Although the error was internal, the managed service provider mitigated the downtime within a few hours. Compared to the 277 days the average business takes to respond to security incidents, CrowdStrike’s misfortune highlights the security capabilities and expertise managed services provide.
The digital workforce is only as secure as its weakest link –the average employee. This is why robust cybersecurity awareness campaigns are required at large corporations and SMBs. Managed service providers can educate employees and integrate cutting-edge solutions such as AI to automate the constant monitoring of the digital workplace and apply proactive measures to deal with cybersecurity incidents.
FUJIFILM Security protects organisations using an integrated portfolio of IT solutions and services to enable collaboration across the digital workforce. These services allow enterprises to predict threats and protect collaborative digital platforms in real-time.
How can we help?
As a pioneer in document solutions for over 50 years, FUJIFILM Business Innovation Singapore has a deep understanding of how businesses operate. Our mission is to empower organisations to work efficiently and effectively in the digital age. We offer a comprehensive suite of digital transformation solutions and services, partnering our customers in managing data to automate workflows, leverage data intelligence, and build exceptional customer experiences.
Reach out to find out more!